Check the result of seteuid(), just to be paranoid.

[ppp.git] / pppd / options.c

diff --git a/pppd/options.c b/pppd/options.c
index 155bcd0033649ee8173d67c9694dd7484d1eb82e..5c9d3a0d9534345460c7dc247521506d59bd630d 100644 (file)
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -40,7 +40,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID  "$Id: options.c,v 1.95 2004/11/09 22:33:35 paulus Exp $"
+#define RCSID  "$Id: options.c,v 1.99 2006/06/04 07:04:57 paulus Exp $"
 
 #include <ctype.h>
 #include <stdio.h>
@@ -58,14 +58,19 @@
 #ifdef PPP_FILTER
 #include <pcap.h>
 /*
- * DLT_PPP_WITH_DIRECTION is in current libpcap cvs, and should be in
- * libpcap-0.8.4.  Until that is released, use DLT_PPP - but that means
+ * There have been 3 or 4 different names for this in libpcap CVS, but
+ * this seems to be what they have settled on...
+ * For older versions of libpcap, use DLT_PPP - but that means
  * we lose the inbound and outbound qualifiers.
  */
-#ifndef DLT_PPP_WITH_DIRECTION
-#define DLT_PPP_WITH_DIRECTION DLT_PPP
+#ifndef DLT_PPP_PPPD
+#ifdef DLT_PPP_WITHDIRECTION
+#define DLT_PPP_PPPD   DLT_PPP_WITHDIRECTION
+#else
+#define DLT_PPP_PPPD   DLT_PPP
 #endif
 #endif
+#endif /* PPP_FILTER */
 
 #include "pppd.h"
 #include "pathnames.h"
@@ -296,10 +301,10 @@ option_t general_options[] = {
 #endif
 
 #ifdef PPP_FILTER
-    { "pass-filter", 1, setpassfilter,
+    { "pass-filter", o_special, setpassfilter,
       "set filter for packets to pass", OPT_PRIO },
 
-    { "active-filter", 1, setactivefilter,
+    { "active-filter", o_special, setactivefilter,
       "set filter for active pkts", OPT_PRIO },
 #endif
 
@@ -398,12 +403,14 @@ options_from_file(filename, must_exist, check_prot, priv)
     char args[MAXARGS][MAXWORDLEN];
     char cmd[MAXWORDLEN];
 
-    if (check_prot)
-       seteuid(getuid());
+    if (check_prot && seteuid(getuid()) == -1) {
+       option_error("unable to drop privileges to open %s: %m", filename);
+       return 0;
+    }
     f = fopen(filename, "r");
     err = errno;
-    if (check_prot)
-       seteuid(0);
+    if (check_prot && seteuid(0) == -1)
+       fatal("unable to regain privileges");
     if (f == NULL) {
        errno = err;
        if (!must_exist) {
@@ -1447,13 +1454,13 @@ setpassfilter(argv)
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
-    pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
+    pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
     if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) {
        option_error("error in pass-filter expression: %s\n",
                     pcap_geterr(pc));
-       ret = 1;
+       ret = 0;
     }
     pcap_close(pc);
 
@@ -1468,13 +1475,13 @@ setactivefilter(argv)
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
-    pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
+    pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
     if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) {
        option_error("error in active-filter expression: %s\n",
                     pcap_geterr(pc));
-       ret = 1;
+       ret = 0;
     }
     pcap_close(pc);
 
@@ -1506,14 +1513,16 @@ setlogfile(argv)
 {
     int fd, err;
 
-    if (!privileged_option)
-       seteuid(getuid());
+    if (!privileged_option && seteuid(getuid()) == -1) {
+       option_error("unable to drop permissions to open %s: %m", *argv);
+       return 0;
+    }
     fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
     if (fd < 0 && errno == EEXIST)
        fd = open(*argv, O_WRONLY | O_APPEND);
     err = errno;
-    if (!privileged_option)
-       seteuid(0);
+    if (!privileged_option && seteuid(0) == -1)
+       fatal("unable to regain privileges: %m");
     if (fd < 0) {
        errno = err;
        option_error("Can't open log file %s: %m", *argv);