
Plugins can now be loaded from a default directory ($pkglibdir).

In addition, a new configure flag, --enable-plugins-root, disallows loading
plugins outside this directory.
1 parent 15cbbf4 commit 283b08c65752f40683014e94912e7a3a91d79a46 @jedisct1 jedisct1 committed Sep 19, 2012
Showing with 60 additions and 6 deletions.
  1. +8 −2 README-PLUGINS.markdown
  2. +7 −0 configure.ac
  3. +2 −1 src/proxy/Makefile.am
  4. +42 −2 src/proxy/plugin_support.c
  5. +1 −1 src/proxy/plugin_support_p.h
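--- a/README-PLUGINS.markdown
+++ b/README-PLUGINS.markdown
@@ -57,13 +57,19 @@ If the `./configure` isn't given a different prefix, example plugins
 are installed in `/usr/local/lib/dnscrypt-proxy`.
 `dnscrypt-proxy` can load any number of plugins using the `--plugin`
-switch, followed by the full path to a plugin (library or libtool
-`.la` file):
+switch, followed by the path to a plugin (library or libtool `.la` file):
 dnscrypt-proxy \
 --plugin=/usr/local/lib/dnscrypt-proxy/libdcplugin_example.la \
 --plugin=/usr/local/lib/dnscrypt-proxy/libdcplugin_example2.la
+A full path is actually not required for plugins sitting in the default
+plugins directory (`/usr/local/lib/dnscrypt-proxy` by default):
+
+ dnscrypt-proxy \
+ --plugin=libdcplugin_example.la \
+ --plugin=libdcplugin_example2.la
+
 Filters will always be applied sequentially, in the given order.
 On Unix systems, a file containing a `dnscrypt-proxy` plugin must be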
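--- a/configure.ac
+++ b/configure.ac
@@ -334,6 +334,13 @@ AC_ARG_ENABLE(relaxed-plugins-permissions,
 relaxed_plugins_permissions=enabled])
 AM_CONDITIONAL(RELAXED_PLUGINS_PERMISSIONS, test x$relaxed_plugins_permissions = xenabled)
+plugins_root=disabled
+AC_ARG_ENABLE(plugins-root,
+[AS_HELP_STRING(--enable-plugins-root,Only load plugins sitting in the default plugins directory)],
+[CPPFLAGS="$CPPFLAGS -DENABLE_PLUGINS_ROOT=1"
+ plugins_root=enabled])
+AM_CONDITIONAL(ENABLE_PLUGINS_ROOT, test x$plugins_root = xenabled)
+
 AC_ARG_ENABLE(blocking-random,
 [AS_HELP_STRING(--enable-blocking-random,Use /dev/random instead of /dev/urandom)],
 [AC_DEFINE([USE_BLOCKING_RANDOM], [], [Use blocking random])])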
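--- a/src/proxy/Makefile.am
+++ b/src/proxy/Makefile.am
@@ -82,7 +82,8 @@ if PLUGINS
 AM_CPPFLAGS += \
 $(LTDLINCL) \
- -I../include
+ -I../include \
+ -DPLUGINS_ROOT=\"$(pkglibdir)/\"
 dnscrypt_proxy_LDADD += $(LIBLTDL)
 dnscrypt_proxy_DEPENDENCIES += $(LTDLDEPS)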
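--- a/src/proxy/plugin_support.c
+++ b/src/proxy/plugin_support.c
@@ -12,6 +12,7 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #ifndef _WIN32
 # include <unistd.h>
 #endif
@@ -120,7 +121,7 @@ plugin_support_check_permissions(const char * const plugin_file)
 #ifndef _WIN32
 struct stat st;
- if (stat(plugin_file, &st) != 0) {
+ if (stat(plugin_file, &st) != 0 || !S_ISREG(st.st_mode)) {
 return -1;
 }
 # ifndef RELAXED_PLUGINS_PERMISSIONS
@@ -194,6 +195,39 @@ plugin_support_unload(DCPluginSupport * const dcps)
 return 0;
 }
+static char *
+plugin_support_expand_plugin_file(const char * const plugin_file)
+{
+ char *expanded_plugin_file;
+ size_t plugin_file_len;
+ size_t plugins_root_len = sizeof PLUGINS_ROOT - (size_t) 1U;
+ size_t sizeof_expanded_plugin_file;
+
+#ifdef ENABLE_PLUGINS_ROOT
+ if (strstr(plugin_file, "..") != NULL || *plugin_file == '/') {
+ return NULL;
+ }
+ if (strncmp(plugin_file, PLUGINS_ROOT, plugins_root_len) == 0) {
+ return strdup(plugin_file);
+ }
+#else
+ if (*plugin_file == '/') {
+ return strdup(plugin_file);
+ }
+#endif
+ plugin_file_len = strlen(plugin_file);
+ assert(SIZE_MAX - plugins_root_len > plugin_file_len);
+ sizeof_expanded_plugin_file = plugins_root_len + plugin_file_len + 1U;
+ if ((expanded_plugin_file = malloc(sizeof_expanded_plugin_file)) == NULL) {
+ return NULL;
+ }
+ memcpy(expanded_plugin_file, PLUGINS_ROOT, plugins_root_len);
+ memcpy(expanded_plugin_file + plugins_root_len, plugin_file,
+ plugin_file_len + 1U);
+
+ return expanded_plugin_file;
+}
+
 DCPluginSupport *
 plugin_support_new(const char * const plugin_file)
 {
@@ -207,7 +241,11 @@ plugin_support_new(const char * const plugin_file)
 return NULL;
 }
 assert(plugin_file != NULL && *plugin_file != 0);
- dcps->plugin_file = plugin_file;
+ if ((dcps->plugin_file =
+ plugin_support_expand_plugin_file(plugin_file)) == NULL) {
+ free(dcps);
+ return NULL;
+ }
 dcps->argv = NULL;
 dcps->handle = NULL;
 dcps->sync_post_filter = NULL;
@@ -223,6 +261,8 @@ plugin_support_free(DCPluginSupport * const dcps)
 assert(dcps->plugin_file != NULL && *dcps->plugin_file != 0);
 assert(dcps->plugin != NULL);
 free(dcps->plugin);
+ free(dcps->plugin_file);
+ dcps->plugin_file = NULL;
 free(dcps->argv);
 dcps->argv = NULL;
 free(dcps);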
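Review bot: In `plugin_support_expand_plugin_file`, the `ENABLE_PLUGINS_ROOT` branch rejects every name beginning with `/` before it reaches `strncmp(plugin_file, PLUGINS_ROOT, plugins_root_len)`, so with the usual absolute `$(pkglibdir)/` that comparison can never match and a full path inside the plugins directory is refused. Keep the `strstr(plugin_file, "..")` rejection first, then the prefix comparison, and only afterwards `if (*plugin_file == '/') { return NULL; }`. The restriction is also purely lexical, and `stat()` in `plugin_support_check_permissions` follows symlinks, so a link placed inside the directory can still resolve to a file outside it. On POSIX builds, comparing the `realpath()` result against `PLUGINS_ROOT` before loading would apply the check to the resolved file. The length guard is an `assert`, which is compiled out under `NDEBUG`; an explicit `return NULL` on overflow would keep it in release builds.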
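--- a/src/proxy/plugin_support_p.h
+++ b/src/proxy/plugin_support_p.h
@@ -21,7 +21,7 @@ struct DCPluginSupport_ {
 DCPluginSyncFilter sync_pre_filter;
 lt_dlhandle handle;
 DCPlugin *plugin;
- const char *plugin_file;
+ char *plugin_file;
 char **argv;
 int argc;
 };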
