[tor-commits] [tlsdate/debian-master] tlsdated: remove rmrf()

ioerror at torproject.org ioerror at torproject.org
Thu Oct 31 10:25:57 UTC 2013


commit ed1b336ca84f2f71c70f91d0d7aeb5a3ae4b547b
Author: elly <elly at leptoquark.net>
Date:   Thu May 9 13:40:16 2013 -0400

    tlsdated: remove rmrf()
    
    This function, while handy and presently used safely, could become dangerous if
    someone later adds a call to it that passes in attacker-controlled input.
    Therefore, hardcode calls to unlink(2) and rmdir(2) for the files tlsdated
    presently creates. This has the pleasant (?) side-effect of breaking unit-tests
    whenever tlsdated creates files we don't explicitly list on disk.
    
    BUG=None
    TEST=unit
    
    Signed-off-by: Elly Fong-Jones <ellyjones at chromium.org>
---
 src/tlsdated-unittest.c |   13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/tlsdated-unittest.c b/src/tlsdated-unittest.c
index baed329..cb30313 100644
--- a/src/tlsdated-unittest.c
+++ b/src/tlsdated-unittest.c
@@ -27,14 +27,13 @@ FIXTURE_SETUP(tempdir) {
   ASSERT_NE(NULL, p);
 }
 
-int rmrf(char *dir) {
-  char buf[256];
-  snprintf(buf, sizeof(buf), "rm -rf %s", dir);
-  return system(buf);
-}
-
 FIXTURE_TEARDOWN(tempdir) {
-  ASSERT_EQ(0, rmrf(self->path));
+  char buf[256];
+  snprintf(buf, sizeof(buf), "%s/load", self->path);
+  unlink(buf);
+  snprintf(buf, sizeof(buf), "%s/save", self->path);
+  unlink(buf);
+  ASSERT_EQ(0, rmdir(self->path));
 }
 
 int write_time(const char *path, time_t time) {
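
Review bot: In the new FIXTURE_TEARDOWN body, both unlink(buf) return values are discarded and neither snprintf() result is checked against sizeof(buf). If self->path is long enough that "%s/load" or "%s/save" is truncated in the 256-byte buffer, unlink() is called on a different, shorter path than intended. Suggest asserting that each snprintf() return is non-negative and less than sizeof(buf) before calling unlink(). Also consider failing the test when unlink() fails for any reason other than ENOENT, since otherwise the only signal is the later ASSERT_EQ(0, rmdir(self->path)), which does not say which file was left behind. A short comment noting that "load" and "save" are the complete list of files tlsdated creates here would make clear which list to update when the teardown starts failing, which the commit message describes as the intended side-effect.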




