Extcap: Create our fifo in a temporary directory.

Instead of creating a temp file, unlinking it, and creating a fifo with
the same name, add create_tempdir() so that we can create a temporary
directory and create a fifo inside that.

This should avoid a race condition in Carbon Black Cloud antivirus,
which if the timing is right, will stat the initial temporary *file*,
miss the fact that it's been replaced with a *fifo*, and open and steal
data^W^W read from it, leaving dumpcap to contend with the truncated
remains.

Adding the unexpected magic number to cap_pipe_open_live()'s error
message helped to debug this. Leave it in since it's handy to have in
that case.

Ping #15587
This commit is contained in:
Gerald Combs 2022-12-10 17:49:59 -08:00
parent 5aa1871ee0
commit cb420c7911
4 changed files with 74 additions and 34 deletions

View File

@ -1850,7 +1850,7 @@ cap_pipe_open_live(char *pipename,
/* Not a pcapng file, and either not a pcap type we know about
or not a pcap file, either. */
snprintf(errmsg, (gulong)errmsgl,
"Data written to the pipe is neither in a supported pcap format nor in pcapng format.");
"File type is neither a supported pcap nor pcapng format. (magic = 0x%08x)", magic);
snprintf(secondary_errmsg, (gulong)secondary_errmsgl, "%s",
not_our_bug);
goto error;

View File

@ -1354,6 +1354,8 @@ gboolean extcap_session_stop(capture_session *cap_session)
}
/* the fifo will not be freed here, but with the other capture_opts in capture_sync */
ws_unlink(interface_opts->extcap_fifo);
get_dirname(interface_opts->extcap_fifo);
rmdir(interface_opts->extcap_fifo);
interface_opts->extcap_fifo = NULL;
}
if (interface_opts->extcap_control_in && file_exists(interface_opts->extcap_control_in))
@ -1661,33 +1663,27 @@ static gboolean extcap_create_pipe(const gchar *ifname, gchar **fifo, HANDLE *ha
#else
static gboolean extcap_create_pipe(const gchar *ifname, gchar **fifo, const gchar *temp_dir, const gchar *pipe_prefix)
{
gchar *temp_name = NULL;
int fd = 0;
gchar *subdir_tmpl = g_strdup_printf("%s_%s_XXXXXX", pipe_prefix, ifname);
gchar *temp_subdir = create_tempdir(temp_dir, subdir_tmpl, NULL);
gchar *pfx = g_strconcat(pipe_prefix, "_", ifname, NULL);
if ((fd = create_tempfile(temp_dir, &temp_name, pfx, NULL, NULL)) < 0)
g_free(subdir_tmpl);
if (temp_subdir == NULL)
{
g_free(pfx);
return FALSE;
}
g_free(pfx);
ws_close(fd);
gchar *fifo_path = g_build_path(G_DIR_SEPARATOR_S, temp_subdir, "fifo", NULL);
g_free(temp_subdir);
ws_debug("Extcap - Creating fifo: %s", temp_name);
ws_debug("Extcap - Creating fifo: %s", fifo_path);
if (file_exists(temp_name))
if (mkfifo(fifo_path, 0600) == 0)
{
ws_unlink(temp_name);
}
if (mkfifo(temp_name, 0600) == 0)
{
*fifo = temp_name;
*fifo = fifo_path;
}
else
{
g_free(temp_name);
g_free(fifo_path);
}
return TRUE;
}

View File

@ -15,6 +15,28 @@
#include "tempfile.h"
#include "file_util.h"
static char *
sanitize_prefix(const char *prefix)
{
if (!prefix) {
return NULL;
}
/* The characters in "delimiters" come from:
* https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions.
* Add to the list as necessary for other OS's.
*/
const gchar *delimiters = "<>:\"/\\|?*"
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f";
/* Sanitize the prefix to resolve bug 7877 */
char *safe_prefx = g_strdup(prefix);
safe_prefx = g_strdelimit(safe_prefx, delimiters, '-');
return safe_prefx;
}
/**
* Create a tempfile with the given prefix (e.g. "wireshark"). The path
* is created using g_file_open_tmp.
@ -32,22 +54,7 @@ int
create_tempfile(const char *tempdir, gchar **namebuf, const char *pfx, const char *sfx, GError **err)
{
int fd;
gchar *safe_pfx = NULL;
if (pfx) {
/* The characters in "delimiters" come from:
* https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions.
* Add to the list as necessary for other OS's.
*/
const gchar *delimiters = "<>:\"/\\|?*"
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f";
/* Sanitize the pfx to resolve bug 7877 */
safe_pfx = g_strdup(pfx);
safe_pfx = g_strdelimit(safe_pfx, delimiters, '-');
}
gchar *safe_pfx = sanitize_prefix(pfx);
if (tempdir == NULL || tempdir[0] == '\0') {
/* Use OS default tempdir behaviour */
@ -107,6 +114,31 @@ create_tempfile(const char *tempdir, gchar **namebuf, const char *pfx, const cha
return fd;
}
char *
create_tempdir(const gchar *parent_dir, const char *tmpl, GError **err)
{
if (parent_dir == NULL || parent_dir[0] == '\0') {
parent_dir = g_get_tmp_dir();
}
gchar *safe_pfx = sanitize_prefix(tmpl);
if (safe_pfx == NULL) {
safe_pfx = g_strdup("wireshark_XXXXXX");
}
char *temp_subdir = g_build_path(G_DIR_SEPARATOR_S, parent_dir, safe_pfx, NULL);
g_free(safe_pfx);
if (g_mkdtemp(temp_subdir) == NULL)
{
g_free(temp_subdir);
g_set_error_literal(err, G_FILE_ERROR,
g_file_error_from_errno(errno), g_strerror(errno));
return FALSE;
}
return temp_subdir;
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

View File

@ -27,7 +27,7 @@ extern "C" {
*
* @param tempdir [in] If not NULL, the directory in which to create the file.
* @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Must be freed.
* Must be g_freed.
* @param pfx [in] A prefix for the temporary file.
* @param sfx [in] A file extension for the temporary file. NULL can be passed
* if no file extension is needed
@ -36,6 +36,18 @@ extern "C" {
*/
WS_DLL_PUBLIC int create_tempfile(const gchar *tempdir, gchar **namebuf, const char *pfx, const char *sfx, GError **err);
/**
* Create a tempfile with the given parent directory (e.g. "/my/private/tmp"). The path
* is created using g_mkdtemp.
*
* @param parent_dir [in] If not NULL, the parent directory in which to create the subdirectory,
* otherwise the system temporary directory is used.
* @param tmpl [in] A template for the temporary directory.
* @param err [out] Any error returned by g_mkdtemp. May be NULL.
* @return The full path of the temporary directory or NULL on error. Must be g_freed.
*/
WS_DLL_PUBLIC char *create_tempdir(const gchar *parent_dir, const char *tmpl, GError **err);
#ifdef __cplusplus
}
#endif /* __cplusplus */