Merge 39b4b72a412aed65656f61e5359919fd0df06d88 into 5f9fa28251443d3295d9979da95e08df10c0c3c3

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

nfq/helpers.c

@@ -9,6 +9,7 @@
 #include <ctype.h>
 #include <sys/stat.h>
 #include <libgen.h>
+#include <fcntl.h>
 
 int unique_size_t(size_t *pu, int ct)
 {
@@ -313,6 +314,17 @@ bool file_mod_signature(const char *filename, file_mod_sig *ms)
 	return true;
 }
 
+bool file_open_test(const char *filename, int flags)
+{
+	int fd = open(filename,flags);
+	if (fd>=0)
+	{
+		close(fd);
+		return true;
+	}
+	return false;
+}
+
 bool pf_in_range(uint16_t port, const port_filter *pf)
 {
 	return port && (((!pf->from && !pf->to) || (port>=pf->from && port<=pf->to)) ^ pf->neg);

nfq/helpers.h

@@ -77,6 +77,7 @@ typedef struct
 #define FILE_MOD_RESET(ms) memset(ms,0,sizeof(file_mod_sig))
 bool file_mod_signature(const char *filename, file_mod_sig *ms);
 time_t file_mod_time(const char *filename);
+bool file_open_test(const char *filename, int flags);
 
 typedef struct
 {

nfq/nfqws.c

@@ -126,16 +126,16 @@ static bool test_list_files()
 	struct ipset_file *ifile;
 
 	LIST_FOREACH(hfile, &params.hostlists, next)
-		if (!file_mod_time(hfile->filename))
+		if (!file_open_test(hfile->filename, O_RDONLY))
 		{
-			DLOG_PERROR("file_mod_time");
+			DLOG_PERROR("file_open_test");
 			DLOG_ERR("cannot access hostlist file '%s'\n",hfile->filename);
 			return false;
 		}
 	LIST_FOREACH(ifile, &params.ipsets, next)
-		if (!file_mod_time(ifile->filename))
+		if (!file_open_test(ifile->filename, O_RDONLY))
 		{
-			DLOG_PERROR("file_mod_time");
+			DLOG_PERROR("file_open_test");
 			DLOG_ERR("cannot access ipset file '%s'\n",ifile->filename);
 			return false;
 		}

tpws/helpers.c

@@ -11,6 +11,7 @@
 #include <sys/stat.h>
 #include <libgen.h>
 #include <unistd.h>
+#include <fcntl.h>
 
 #ifdef __ANDROID__
 #include "andr/ifaddrs.h"
@@ -327,6 +328,17 @@ bool file_mod_signature(const char *filename, file_mod_sig *ms)
 	return true;
 }
 
+bool file_open_test(const char *filename, int flags)
+{
+	int fd = open(filename,flags);
+	if (fd>=0)
+	{
+		close(fd);
+		return true;
+	}
+	return false;
+}
+
 bool pf_in_range(uint16_t port, const port_filter *pf)
 {
 	return port && (((!pf->from && !pf->to) || (port >= pf->from && port <= pf->to)) ^ pf->neg);

tpws/helpers.h

@@ -71,6 +71,7 @@ typedef struct
 #define FILE_MOD_RESET(ms) memset(ms,0,sizeof(file_mod_sig))
 bool file_mod_signature(const char *filename, file_mod_sig *ms);
 time_t file_mod_time(const char *filename);
+bool file_open_test(const char *filename, int flags);
 
 typedef struct
 {

tpws/tpws.c

@@ -122,16 +122,16 @@ static bool test_list_files()
 	struct ipset_file *ifile;
 
 	LIST_FOREACH(hfile, &params.hostlists, next)
-		if (!file_mod_time(hfile->filename))
+		if (!file_open_test(hfile->filename, O_RDONLY))
 		{
-			DLOG_PERROR("file_mod_time");
+			DLOG_PERROR("file_open_test");
 			DLOG_ERR("cannot access hostlist file '%s'\n",hfile->filename);
 			return false;
 		}
 	LIST_FOREACH(ifile, &params.ipsets, next)
-		if (!file_mod_time(ifile->filename))
+		if (!file_open_test(ifile->filename, O_RDONLY))
 		{
-			DLOG_PERROR("file_mod_time");
+			DLOG_PERROR("file_open_test");
 			DLOG_ERR("cannot access ipset file '%s'\n",ifile->filename);
 			return false;
 		}