Merge pull request #33 from popovich-sergei/next

Next

Author: ikeydoherty

src/library/common.h

@@ -72,7 +72,7 @@ typedef enum {
 typedef struct source_package_t {
         void *name;             /**<Our name for the package */
         void *version;          /**<Our current version */
-        gchar *path;            /**<Filesystem path of source path */
+        char *path;             /**<Filesystem path of source path */
         int release;            /**<Highest (available) release number */
         GList *issues;          /**<List of applicable (non-patched) CVEs */
         GList *patched;         /**<List of *patched* applicable CVEs */

src/main.c

@@ -457,7 +457,7 @@ int main(int argc, char **argv)
         autofree(GOptionContext) *context = NULL;
         autofree(char) *target_sz = NULL;
         autofree(cve_string) *target = NULL;
-        autofree(gchar) *db_path = NULL;
+        autofree(cve_string) *db_path = NULL;
         autofree(CveDB) *cve_db = NULL;
         GList *pkg_plugins = NULL;
         int ret = EXIT_FAILURE;
@@ -492,11 +492,11 @@ int main(int argc, char **argv)
 
         db_path = get_db_path(nvds);
         if (!db_path) {
-                fprintf(stderr, "main(): Out of memory\n");
+                fprintf(stderr, "main(): Can't get db path\n");
                 goto cleanup_no_lock;
         }
 
-        db_locked = cve_db_lock_init(db_path);
+        db_locked = cve_db_lock_init(db_path->str);
         if (!db_locked) {
                 fprintf(stderr, "Not continuing without a database %s\n", "lock");
                 goto cleanup_no_lock;
@@ -509,27 +509,27 @@ int main(int argc, char **argv)
         }
 
         if (!skip_update) {
-                int status = update_required(db_path);
+                int status = update_required(db_path->str);
                 if (status < 0) {
                         fprintf(stderr, "Failed to check if db requires update\n");
                         goto cleanup;
                 }
                 if (status) {
                         fprintf(stderr, "Update of db forced\n");
                         cve_db_unlock();
-                        if (!update_db(quiet, db_path)) {
+                        if (!update_db(quiet, db_path->str)) {
                                 fprintf(stderr, "DB update failure\n");
                                 goto cleanup;
                         }
                 }
         } else {
-                if (!cve_file_exists(db_path)) {
+                if (!cve_file_exists(db_path->str)) {
                         fprintf(stderr, "Not continuing without a database %s\n", "file");
                         goto cleanup;
                 }
         }
 
-        cve_db = cve_db_new(db_path);
+        cve_db = cve_db_new(db_path->str);
         if (!cve_db) {
                 fprintf(stderr, "main(): DB initialisation issue\n");
                 goto cleanup;

src/plugins/packaging/eopkg/eopkg.c

@@ -35,7 +35,7 @@ struct source_package_t *eopkg_inspect_pspec(const char *filename)
         xmlChar *source_name = NULL;
         int release = -1;
         xmlChar *version = NULL;
-        autofree(gchar) *fpath = NULL;
+        char *fpath = NULL;
 
         doc = xmlReadFile(filename, NULL, 0);
         if (!doc) {
@@ -107,19 +107,21 @@ struct source_package_t *eopkg_inspect_pspec(const char *filename)
         if (!version || !source_name) {
                 goto clean;
         }
-        fpath = g_path_get_dirname(filename);
+
+        fpath = cve_get_file_parent(filename);
         if (!fpath) {
                 goto clean;
         }
 
         t = calloc(1, sizeof(struct source_package_t));
         if (!t) {
+                free(fpath);
                 goto clean;
         }
         t->name = xmlStrdup(source_name);
         t->version = xmlStrdup(version);
         t->release = release;
-        t->path = realpath(fpath, NULL);
+        t->path = fpath;
         t->xml = true; /* Ensure xmlFree is used */
         t->type = PACKAGE_TYPE_EOPKG;
 

src/plugins/packaging/pkgbuild/pkgbuild.c

@@ -36,10 +36,10 @@ struct source_package_t *pkgbuild_inspect_spec(const char *filename)
 
         autofree(GDataInputStream) *dis = g_data_input_stream_new(G_INPUT_STREAM(fis));
         char *read = NULL;
+        char *fpath = NULL;
         autofree(gchar) *name = NULL;
         autofree(gchar) *version = NULL;
         autofree(gchar) *release = NULL;
-        autofree(gchar) *fpath = NULL;
 
         while ((read = g_data_input_stream_read_line(dis, NULL, NULL, NULL)) != NULL) {
                 autofree(gstrv) *strv = NULL;
@@ -80,19 +80,20 @@ struct source_package_t *pkgbuild_inspect_spec(const char *filename)
                 return NULL;
         }
 
-        fpath = g_path_get_dirname(filename);
+        fpath = cve_get_file_parent(filename);
         if (!fpath) {
                 return NULL;
         }
 
         t = calloc(1, sizeof(struct source_package_t));
         if (!t) {
+                free(fpath);
                 return NULL;
         }
         t->name = g_strdup(name);
         t->version = g_strdup(version);
         t->release = atoi(release);
-        t->path = realpath(fpath, NULL);
+        t->path = fpath;
         t->type = PACKAGE_TYPE_PKGBUILD;
         return t;
 }

src/plugins/packaging/rpm/rpm.c

@@ -47,11 +47,11 @@ struct source_package_t *rpm_inspect_spec(const char *filename)
 
         autofree(GDataInputStream) *dis = g_data_input_stream_new(G_INPUT_STREAM(fis));
         char *read = NULL;
+        char *fpath = NULL;
         autofree(gchar) *name = NULL;
         autofree(gchar) *version = NULL;
         autofree(gchar) *release = NULL;
         autofree(CveHashmap) *macros = NULL;
-        autofree(gchar) *fpath = NULL;
         GList *lpatches = NULL;
 
         while ((read = g_data_input_stream_read_line(dis, NULL, NULL, NULL)) != NULL) {
@@ -172,7 +172,7 @@ struct source_package_t *rpm_inspect_spec(const char *filename)
                 return NULL;
         }
 
-        fpath = g_path_get_dirname(filename);
+        fpath = cve_get_file_parent(filename);
         if (!fpath) {
                 return NULL;
         }
@@ -185,12 +185,13 @@ struct source_package_t *rpm_inspect_spec(const char *filename)
 
         t = calloc(1, sizeof(struct source_package_t));
         if (!t) {
+                free(fpath);
                 return NULL;
         }
         t->name = g_strdup(name);
         t->version = g_strdup(version);
         t->release = atoi(release);
-        t->path = realpath(fpath, NULL);
+        t->path = fpath;
         t->type = PACKAGE_TYPE_RPM;
         t->extra = lpatches;
 

src/update-main.c

@@ -58,7 +58,7 @@ int main(int argc, char **argv)
 {
         autofree(GError) *error = NULL;
         autofree(GOptionContext) *context = NULL;
-        autofree(gchar) *db_path = NULL;
+        autofree(cve_string) *db_path = NULL;
         int ret = EXIT_FAILURE;
         bool db_locked;
 
@@ -78,17 +78,17 @@ int main(int argc, char **argv)
 
         db_path = get_db_path(nvds);
         if (!db_path) {
-                fprintf(stderr, "main(): Out of memory\n");
+                fprintf(stderr, "main(): Can't get db path\n");
                 goto end;
         }
 
-        db_locked = cve_db_lock_init(db_path);
+        db_locked = cve_db_lock_init(db_path->str);
         if (!db_locked) {
                 fputs("Not continuing without a database lock\n", stderr);
                 goto end;
         }
 
-        if (update_db(_quiet, db_path)) {
+        if (update_db(_quiet, db_path->str)) {
                 ret = EXIT_SUCCESS;
         } else {
                 fprintf(stderr, "Failed to update database\n");

src/update.c

@@ -20,9 +20,10 @@
 #include <stdint.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <time.h>
 #include <utime.h>
 #include <errno.h>
-#include <glib.h>
+#include <pwd.h>
 #include <gio/gio.h>
 #include <curl/curl.h>
 #include <openssl/sha.h>
@@ -44,36 +45,61 @@
 #define UPDATE_THRESHOLD 7200
 #define UPDATE_DB_MARKER_SUFFIX	"cve.update_db"
 
-gchar *get_db_path(const gchar *path)
+static const char *get_home_dir(void)
+{
+        const char *home;
+
+        home = getenv("HOME");
+        if (!home) {
+                struct passwd *p;
+
+                p = getpwuid(getuid());
+                if (p) {
+                        home = p->pw_dir;
+                        if (home && !*home) {
+                                home = NULL;
+                        }
+                }
+        }
+
+        return home;
+}
+
+cve_string *get_db_path(const char *path)
 {
         const mode_t mode = S_IRWXU|S_IRWXG|S_IRWXO;
-        gchar *dir, *ret = NULL;
+        const char *dir;
+        autofree(cve_string) *d = NULL;
 
         if (!path || !*path) {
-                const gchar *home = g_get_home_dir();
-                dir = g_strdup_printf("%s/%s", home, nvd_dir);
+                const char *home;
+
+                home = get_home_dir();
+                if (!home) {
+                        return NULL;
+                }
+
+                d = cve_string_dup_printf("%s/%s", home, nvd_dir);
+                if (!d) {
+                        return NULL;
+                }
+
+                dir = d->str;
         } else {
-                dir = (gchar *) path;
+                dir = path;
         }
 
         if (mkdir(dir, mode)) {
-                struct stat st = { .st_ino = 0, };
-
                 if (errno != EEXIST) {
-                        goto end;
+                        return NULL;
                 }
 
-                if (stat(dir, &st) || !S_ISDIR(st.st_mode)) {
-                        goto end;
+                if (!cve_is_dir(dir)) {
+                        return NULL;
                 }
         }
 
-        ret = g_strdup_printf("%s/%s", dir, nvd_file);
-end:
-        if (dir != path) {
-                g_free(dir);
-        }
-        return ret;
+        return cve_string_dup_printf("%s/%s", dir, nvd_file);
 }
 
 static cve_string *nvdcve_make_fname(int year, const char *fext)
@@ -366,22 +392,35 @@ static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db,
 
 bool update_db(bool quiet, const char *db_file)
 {
-        autofree(gchar) *db_dir = NULL;
+        autofree(char) *db_dir = NULL;
         autofree(CveDB) *cve_db = NULL;
-        autofree(GDateTime) *date = NULL;
         autofree(cve_string) *u_fname = NULL;
+        struct tm *tm;
+        time_t t;
         int u_handle = -1;
         int year;
         bool ret = false;
         bool db_exist = false;
         bool db_locked = false;
 
+        t = time(NULL);
+        if (t == (time_t) -1) {
+                goto time;
+        }
+
+        tm = localtime(&t);
+        if (!tm) {
+                goto time;
+        }
+
+        year = tm->tm_year + 1900;
+
         u_fname = make_db_dot_fname(db_file, UPDATE_DB_MARKER_SUFFIX);
         if (!u_fname) {
                 goto oom;
         }
 
-        db_dir = g_path_get_dirname(db_file);
+        db_dir = cve_get_file_parent(db_file);
         if (!db_dir) {
                 goto oom;
         }
@@ -412,9 +451,6 @@ bool update_db(bool quiet, const char *db_file)
                 goto end;
         }
 
-        date = g_date_time_new_now_local();
-        year = g_date_time_get_year(date);
-
         if (!cve_db_begin(cve_db)) {
                 fprintf(stderr, "Failed to initialise DB\n");
                 goto end;
@@ -460,6 +496,9 @@ bool update_db(bool quiet, const char *db_file)
 oom:
         fputs("update_db(): Out of memory\n", stderr);
         goto end;
+time:
+        fputs("Can't get local time\n", stderr);
+        goto end;
 }
 
 /*

src/update.h

@@ -9,12 +9,9 @@
  * (at your option) any later version.
  */
 
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
+#include "cve-string.h"
 
-gchar *get_db_path(const gchar *path);
+cve_string *get_db_path(const char *path);
 
 int update_required(const char *db_file);