From 23dbdf06c4521b11f7eb0f341af987d8fd92474c Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Wed, 5 Aug 2009 11:06:58 +0930 Subject: [PATCH 1/1] Don't overwrite tdbs with different version numbers. In future, this may happen, and we don't want to clobber them. --- ccan/tdb/open.c | 12 ++++--- ccan/tdb/test/run-bad-tdb-header.c | 54 ++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 5 deletions(-) create mode 100644 ccan/tdb/test/run-bad-tdb-header.c diff --git a/ccan/tdb/open.c b/ccan/tdb/open.c index a5a8e875..677b23d8 100644 --- a/ccan/tdb/open.c +++ b/ccan/tdb/open.c @@ -247,17 +247,19 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags, errno = 0; if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header) - || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0 - || (tdb->header.version != TDB_VERSION - && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) { - /* its not a valid database - possibly initialise it */ + || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0) { if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) == -1) { if (errno == 0) { - errno = EIO; /* ie bad format or something */ + errno = EIO; /* ie bad format or something */ } goto fail; } rev = (tdb->flags & TDB_CONVERT); + } else if (tdb->header.version != TDB_VERSION + && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION)))) { + /* wrong version */ + errno = EIO; + goto fail; } vp = (unsigned char *)&tdb->header.version; vertest = (((uint32_t)vp[0]) << 24) | (((uint32_t)vp[1]) << 16) | diff --git a/ccan/tdb/test/run-bad-tdb-header.c b/ccan/tdb/test/run-bad-tdb-header.c new file mode 100644 index 00000000..1b021003 --- /dev/null +++ b/ccan/tdb/test/run-bad-tdb-header.c @@ -0,0 +1,54 @@ +#define _XOPEN_SOURCE 500 +#include "tdb/tdb.h" +#include "tdb/io.c" +#include "tdb/tdb.c" +#include "tdb/lock.c" +#include "tdb/freelist.c" +#include "tdb/traverse.c" +#include "tdb/transaction.c" +#include "tdb/error.c" +#include "tdb/open.c" +#include "tap/tap.h" +#include +#include + +int main(int argc, char *argv[]) +{ + struct tdb_context *tdb; + struct tdb_header hdr; + int fd; + + plan_tests(11); + /* Can open fine if complete crap, as long as O_CREAT. */ + fd = open("/tmp/test.tdb", O_RDWR|O_CREAT|O_TRUNC, 0600); + ok1(fd >= 0); + ok1(write(fd, "hello world", 11) == 11); + close(fd); + tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR, 0); + ok1(!tdb); + tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_CREAT|O_RDWR, 0600); + ok1(tdb); + tdb_close(tdb); + + /* Now, with wrong version it should *not* overwrite. */ + fd = open("/tmp/test.tdb", O_RDWR); + ok1(fd >= 0); + ok1(read(fd, &hdr, sizeof(hdr)) == sizeof(hdr)); + ok1(hdr.version == TDB_VERSION); + hdr.version++; + lseek(fd, 0, SEEK_SET); + ok1(write(fd, &hdr, sizeof(hdr)) == sizeof(hdr)); + close(fd); + + tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR|O_CREAT, 0600); + ok1(errno == EIO); + ok1(!tdb); + + /* With truncate, will be fine. */ + tdb = tdb_open("/tmp/test.tdb", 1024, 0, O_RDWR|O_CREAT|O_TRUNC, 0600); + ok1(tdb); + tdb_close(tdb); + unlink("/tmp/test.tdb"); + + return exit_status(); +} -- 2.39.2