Message ID | 20171126171422.22298-1-roman@advem.lv |
---|---|
State | Accepted |
Headers | show |
Series | [LEDE-DEV,rpcd,v3] sys: fix passwd path | expand |
Citeren Roman Yeryomin <roman@advem.lv>: > Changes from v2: > - const both to pointer and char itself, so nothing can be modified The first const may be useful to prevent changes to the pointer, but the second is nonsense. You won't be able to modify the string it points to anyway. const char *passwd = "/bin/passwd"; > Signed-off-by: Roman Yeryomin <roman@advem.lv> > --- > sys.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/sys.c b/sys.c > index 40f49ca..122191b 100644 > --- a/sys.c > +++ b/sys.c > @@ -78,6 +78,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, > struct ubus_object *obj, > struct blob_attr *tb[__RPC_P_MAX]; > ssize_t n; > int ret; > + const char *const passwd = "/bin/passwd"; > > blobmsg_parse(rpc_password_policy, __RPC_P_MAX, tb, > blob_data(msg), blob_len(msg)); > @@ -85,7 +86,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, > struct ubus_object *obj, > if (!tb[RPC_P_USER] || !tb[RPC_P_PASSWORD]) > return UBUS_STATUS_INVALID_ARGUMENT; > > - if (stat("/usr/bin/passwd", &s)) > + if (stat(passwd, &s)) > return UBUS_STATUS_NOT_FOUND; > > if (!(s.st_mode & S_IXUSR)) > @@ -119,7 +120,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, > struct ubus_object *obj, > if (ret < 0) > return rpc_errno_status(); > > - if (execl("/usr/bin/passwd", "/usr/bin/passwd", > + if (execl(passwd, passwd, > blobmsg_data(tb[RPC_P_USER]), NULL)) > return rpc_errno_status();
On 2017-11-26 19:50, Arjen de Korte wrote: > Citeren Roman Yeryomin <roman@advem.lv>: > >> Changes from v2: >> - const both to pointer and char itself, so nothing can be modified > > The first const may be useful to prevent changes to the pointer, but > the second is nonsense. You won't be able to modify the string it > points to anyway. > > const char *passwd = "/bin/passwd"; > You are utterly wrong, try `passwd = "whatever";` after that ^^^
Merged to rpcd.git in https://git.lede-project.org/?p=project/rpcd.git;a=commitdiff;h=74a784f037867025ad1c6b8c38bfdfa548742339 - thanks. ~ Jo
diff --git a/sys.c b/sys.c index 40f49ca..122191b 100644 --- a/sys.c +++ b/sys.c @@ -78,6 +78,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, struct ubus_object *obj, struct blob_attr *tb[__RPC_P_MAX]; ssize_t n; int ret; + const char *const passwd = "/bin/passwd"; blobmsg_parse(rpc_password_policy, __RPC_P_MAX, tb, blob_data(msg), blob_len(msg)); @@ -85,7 +86,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, struct ubus_object *obj, if (!tb[RPC_P_USER] || !tb[RPC_P_PASSWORD]) return UBUS_STATUS_INVALID_ARGUMENT; - if (stat("/usr/bin/passwd", &s)) + if (stat(passwd, &s)) return UBUS_STATUS_NOT_FOUND; if (!(s.st_mode & S_IXUSR)) @@ -119,7 +120,7 @@ rpc_cgi_password_set(struct ubus_context *ctx, struct ubus_object *obj, if (ret < 0) return rpc_errno_status(); - if (execl("/usr/bin/passwd", "/usr/bin/passwd", + if (execl(passwd, passwd, blobmsg_data(tb[RPC_P_USER]), NULL)) return rpc_errno_status();
Changes from v2: - const both to pointer and char itself, so nothing can be modified Signed-off-by: Roman Yeryomin <roman@advem.lv> --- sys.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)