Add access control to the syscheck hash table

wazuh · Jun 21, 2018 · 91b64c9 · 91b64c9
1 parent cb77ae7
commit 91b64c9
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 1 deletion.
diff --git a/src/syscheckd/create_db.c b/src/syscheckd/create_db.c
@@ -72,13 +72,15 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction, whod
 
             // Update database
 
+            w_mutex_lock(mutex_ht);
             if (buf = (char *) OSHash_Get(syscheck.fp, file_name), buf) {
                 snprintf(alert_msg, sizeof(alert_msg), "%.*s -1", SK_DB_NATTR, buf);
                 free(buf);
                 if (!OSHash_Update(syscheck.fp, file_name, strdup(alert_msg))) {
                     merror("Unable to update file to db: %s", file_name);
                 }
             }
+            w_mutex_unlock(mutex_ht);
 
             return (0);
         }else{
@@ -169,7 +171,10 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction, whod
             }
         }
 
+        w_mutex_lock(mutex_ht);
         buf = (char *) OSHash_Get(syscheck.fp, file_name);
+        w_mutex_unlock(mutex_ht);
+
         if (!buf) {
             char alert_msg[OS_MAXSTR + 1];    /* to accommodate a long */
             alert_msg[OS_MAXSTR] = '\0';
@@ -201,9 +206,11 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction, whod
                      opts & CHECK_INODE ? (long)statbuf.st_ino : 0,
                      opts & CHECK_SHA256SUM ? sf256_sum : "xxx");
 
+            w_mutex_lock(mutex_ht);
             if (OSHash_Add(syscheck.fp, file_name, strdup(alert_msg)) <= 0) {
                 merror("Unable to add file to db: %s", file_name);
             }
+            w_mutex_unlock(mutex_ht);
 
             /* Send the new checksum to the analysis server */
             alert_msg[OS_MAXSTR] = '\0';
@@ -254,9 +261,11 @@ static int read_file(const char *file_name, int opts, OSMatch *restriction, whod
                 // Update database
                 snprintf(alert_msg, sizeof(alert_msg), "%.*s%.*s", SK_DB_NATTR, buf, (int)strcspn(c_sum, " "), c_sum);
                 free(buf);
+                w_mutex_lock(mutex_ht);
                 if (!OSHash_Update(syscheck.fp, file_name, strdup(alert_msg))) {
                     merror("Unable to update file to db: %s", file_name);
                 }
+                w_mutex_unlock(mutex_ht);
 
                 /* Send the new checksum to the analysis server */
                 alert_msg[OS_MAXSTR] = '\0';

diff --git a/src/syscheckd/run_realtime.c b/src/syscheckd/run_realtime.c
@@ -41,7 +41,10 @@ int realtime_checksumfile(const char *file_name, whodata_evt *evt)
 {
     char *buf;
 
+    w_mutex_lock(mutex_ht);
     buf = (char *) OSHash_Get(syscheck.fp, file_name);
+    w_mutex_unlock(mutex_ht);
+
     if (buf != NULL) {
         char c_sum[256 + 2];
         size_t c_sum_size;
@@ -55,9 +58,11 @@ int realtime_checksumfile(const char *file_name, whodata_evt *evt)
             snprintf(c_sum, sizeof(c_sum), "%.*s -1", SK_DB_NATTR, buf);
             free(buf);
 
+            w_mutex_lock(mutex_ht);
             if (!OSHash_Update(syscheck.fp, file_name, strdup(c_sum))) {
                 merror("Unable to update file to db: %s", file_name);
             }
+            w_mutex_unlock(mutex_ht);
 
             return (0);
         }
@@ -75,9 +80,11 @@ int realtime_checksumfile(const char *file_name, whodata_evt *evt)
 
             // Update database
             snprintf(alert_msg, sizeof(alert_msg), "%.*s%.*s", SK_DB_NATTR, buf, (int)strcspn(c_sum, " "), c_sum);
+            w_mutex_lock(mutex_ht);
             if (!OSHash_Update(syscheck.fp, file_name, strdup(alert_msg))) {
                 merror("Unable to update file to db: %s", file_name);
             }
+            w_mutex_unlock(mutex_ht);
 
             alert_msg[OS_MAXSTR] = '\0';
             char *fullalert = NULL;

diff --git a/src/syscheckd/syscheck.c b/src/syscheckd/syscheck.c
@@ -16,7 +16,7 @@
 #include "rootcheck/rootcheck.h"
 
 syscheck_config syscheck;
-
+pthread_mutex_t mutex_ht = PTHREAD_MUTEX_INITIALIZER;
 
 #ifdef USE_MAGIC
 #include <magic.h>

diff --git a/src/syscheckd/syscheck.h b/src/syscheckd/syscheck.h
@@ -22,6 +22,9 @@
 /* Global config */
 extern syscheck_config syscheck;
 
+/* Hash table mutex */
+extern pthread_mutex_t mutex_ht;
+
 /** Function Prototypes **/
 
 /* Check the integrity of the files against the saved database */

diff --git a/src/syscheckd/win_whodata.c b/src/syscheckd/win_whodata.c
@@ -365,12 +365,15 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, void *
             // Open fd
             case 4656:
                 // Check if it is a known file
+                w_mutex_lock(mutex_ht);
                 if (!OSHash_Get(syscheck.fp, path)) {
+                    w_mutex_unlock(mutex_ht);
                     if (position = find_dir_pos(path, 1), position < 0) {
                         // Discard the file if its monitoring has not been activated
                         break;
                     }
                 } else {
+                    w_mutex_unlock(mutex_ht);
                     position = -1;
                 }
                 os_calloc(1, sizeof(whodata_evt), w_evt);
@@ -428,7 +431,9 @@ unsigned long WINAPI whodata_callback(EVT_SUBSCRIBE_NOTIFY_ACTION action, void *
                             char wd_sum[OS_SIZE_6144 + 1];
 
                             // Remove the file from the syscheck hash table
+                            w_mutex_lock(mutex_ht);
                             OSHash_Delete(syscheck.fp, w_evt->path);
+                            w_mutex_unlock(mutex_ht);
 
                             if (extract_whodata_sum(w_evt, wd_sum, OS_SIZE_6144)) {
                                 merror("The whodata sum for '%s' file could not be included in the alert as it is too large.", w_evt->path);