Don't overwrite tdbs with different version numbers.
authorRusty Russell <rusty@rustcorp.com.au>
Wed, 5 Aug 2009 01:36:58 +0000 (11:06 +0930)
committerRusty Russell <rusty@rustcorp.com.au>
Wed, 5 Aug 2009 01:36:58 +0000 (11:06 +0930)
In future, this may happen, and we don't want to clobber them.

ccan/tdb/open.c
ccan/tdb/test/run-bad-tdb-header.c [new file with mode: 0644]

index a5a8e875cbcd5ca4ad927ee93474a25b01ab6252..677b23d84de3baf0a8f8b812cdc74db40578cf68 100644 (file)
@@ -247,17 +247,19 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
 
        errno = 0;
        if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header)
-           || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0
-           || (tdb->header.version != TDB_VERSION
-               && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) {
-               /* its not a valid database - possibly initialise it */
+           || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0) {
                if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) == -1) {
                        if (errno == 0) {
-                       errno = EIO; /* ie bad format or something */
+                               errno = EIO; /* ie bad format or something */
                        }
                        goto fail;
                }
                rev = (tdb->flags & TDB_CONVERT);
+       } else if (tdb->header.version != TDB_VERSION
+                  && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION)))) {
+               /* wrong version */
+               errno = EIO;
+               goto fail;
        }
        vp = (unsigned char *)&tdb->header.version;
        vertest = (((uint32_t)vp[0]) << 24) | (((uint32_t)vp[1]) << 16) |
diff --git a/ccan/tdb/test/run-bad-tdb-header.c b/ccan/tdb/test/run-bad-tdb-header.c
new file mode 100644 (file)
index 0000000..1b02100
--- /dev/null
@@ -0,0 +1,54 @@
+#define _XOPEN_SOURCE 500
+#include "tdb/tdb.h"
+#include "tdb/io.c"
+#include "tdb/tdb.c"
+#include "tdb/lock.c"
+#include "tdb/freelist.c"
+#include "tdb/traverse.c"
+#include "tdb/transaction.c"
+#include "tdb/error.c"
+#include "tdb/open.c"
+#include "tap/tap.h"
+#include <stdlib.h>
+#include <err.h>
+
+int main(int argc, char *argv[])
+{
+       struct tdb_context *tdb;
+       struct tdb_header hdr;
+       int fd;
+
+       plan_tests(11);
+       /* Can open fine if complete crap, as long as O_CREAT. */
+       fd = open("/tmp/test.tdb", O_RDWR|O_CREAT|O_TRUNC, 0600);
+       ok1(fd >= 0);
+       ok1(write(fd, "hello world", 11) == 11);
+       close(fd);
+       tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR, 0);
+       ok1(!tdb);
+       tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_CREAT|O_RDWR, 0600);
+       ok1(tdb);
+       tdb_close(tdb);
+
+       /* Now, with wrong version it should *not* overwrite. */
+       fd = open("/tmp/test.tdb", O_RDWR);
+       ok1(fd >= 0);
+       ok1(read(fd, &hdr, sizeof(hdr)) == sizeof(hdr));
+       ok1(hdr.version == TDB_VERSION);
+       hdr.version++;
+       lseek(fd, 0, SEEK_SET);
+       ok1(write(fd, &hdr, sizeof(hdr)) == sizeof(hdr));
+       close(fd);
+
+       tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR|O_CREAT, 0600);
+       ok1(errno == EIO);
+       ok1(!tdb);
+
+       /* With truncate, will be fine. */
+       tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR|O_CREAT|O_TRUNC, 0600);
+       ok1(tdb);
+       tdb_close(tdb);
+       unlink("/tmp/test.tdb");
+
+       return exit_status();
+}