From: Kruti Pendharkar Date: Wed, 24 Dec 2025 05:58:16 +0000 (-0800) Subject: In ServiceLoadFileContentsPosix, in addition to existing checks X-Git-Tag: stable-13.1.0~13 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=6c143b634ebf2ea2f77ebfdd906069d7b54ec385;p=thirdparty%2Fopen-vm-tools.git In ServiceLoadFileContentsPosix, in addition to existing checks (size, mode, uid, gid), add verification of modification time, device, inode to ensure the opened file matches the intended file. --- diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac index 8ead1dd4b..91c00575f 100644 --- a/open-vm-tools/configure.ac +++ b/open-vm-tools/configure.ac @@ -1937,6 +1937,7 @@ AC_CONFIG_FILES([ \ + ### ### Output ### diff --git a/open-vm-tools/vgauth/serviceImpl/alias.c b/open-vm-tools/vgauth/serviceImpl/alias.c index 4551c9b9a..2b92f4878 100644 --- a/open-vm-tools/vgauth/serviceImpl/alias.c +++ b/open-vm-tools/vgauth/serviceImpl/alias.c @@ -23,6 +23,11 @@ * Functions to support the Alias store. */ +#ifndef _WIN32 +// Some Linux distributions need this for flag O_NOFOLLOW used in open. +#define _GNU_SOURCE +#endif + #include #include #include @@ -806,16 +811,18 @@ ServiceLoadFileContentsPosix(const gchar *fileName, } } + /* * Now open the file. */ - fd = g_open(fileName, O_RDONLY); + fd = g_open(fileName, O_RDONLY | O_NOFOLLOW); if (fd < 0) { Warning("%s: failed to open %s for read (%d)\n", __FUNCTION__, fileName, errno); return VGAUTH_E_FAIL; } + /* * fstat() to make sure it wasn't changed between the first check * and the open(). @@ -832,6 +839,30 @@ ServiceLoadFileContentsPosix(const gchar *fileName, /* * Now the confidence checks. */ + if (lstatBuf.st_mtime != fstatBuf.st_mtime) { + Warning("%s: mtime of %s changed (%ld vs %ld)\n", __FUNCTION__, + fileName, lstatBuf.st_mtime, fstatBuf.st_mtime); + // XXX audit this? + err = VGAUTH_E_FAIL; + goto done; + } + + if (lstatBuf.st_dev != fstatBuf.st_dev) { + Warning("%s: dev of %s changed (%"FMT64"u vs %"FMT64"u)\n", __FUNCTION__, + fileName, lstatBuf.st_dev, fstatBuf.st_dev); + // XXX audit this? + err = VGAUTH_E_FAIL; + goto done; + } + + if (lstatBuf.st_ino != fstatBuf.st_ino) { + Warning("%s: ino of %s changed (%"FMT64"u vs %"FMT64"u)\n", __FUNCTION__, + fileName, lstatBuf.st_ino, fstatBuf.st_ino); + // XXX audit this? + err = VGAUTH_E_FAIL; + goto done; + } + if (lstatBuf.st_size != fstatBuf.st_size) { Warning("%s: size of %s changed (%d vs %d)\n", __FUNCTION__, fileName, (int) lstatBuf.st_size, (int) fstatBuf.st_size); @@ -939,6 +970,7 @@ ServiceLoadFileContents(const gchar *fileName, } + /* ****************************************************************************** * AliasDumpAliases -- */ /** diff --git a/open-vm-tools/vgauth/serviceImpl/serviceInt.h b/open-vm-tools/vgauth/serviceImpl/serviceInt.h index 46b31490a..d42e01f6c 100644 --- a/open-vm-tools/vgauth/serviceImpl/serviceInt.h +++ b/open-vm-tools/vgauth/serviceImpl/serviceInt.h @@ -344,6 +344,7 @@ gboolean ServiceAliasIsSubjectEqual(ServiceSubjectType t1, gboolean ServiceComparePEMCerts(const gchar *pemCert1, const gchar *pemCert2); + /* * Connection functions */ diff --git a/open-vm-tools/vgauth/test/Makefile.am b/open-vm-tools/vgauth/test/Makefile.am index 92259a755..5f5fdd81a 100644 --- a/open-vm-tools/vgauth/test/Makefile.am +++ b/open-vm-tools/vgauth/test/Makefile.am @@ -1,6 +1,8 @@ ################################################################################ -### Copyright (C) 2014-2017 VMware, Inc. All rights reserved. -### +### Copyright (C) 2014-2025 Broadcom. All rights reserved. +### Broadcom Confidential. The term "Broadcom" refers to Broadcom Inc. +### and/or its subsidiaries. +################################################################################ ### This program is free software; you can redistribute it and/or modify ### it under the terms of version 2 of the GNU General Public License as ### published by the Free Software Foundation. @@ -43,3 +45,4 @@ if HAVE_ICU else vmware_vgauth_smoketest_LINK = $(LINK) endif +