nfqws2: check hostlist/ipset file is readable before destroying in-memory copy

2026-03-20 16:25:49 +00:00 · 2026-01-19 11:46:21 +03:00
parent 577d9e6aba
commit 33b1e81041
4 changed files with 27 additions and 5 deletions
--- a/nfq2/helpers.c
+++ b/nfq2/helpers.c
@@ -8,7 +8,6 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <libgen.h>
-#include <fcntl.h>

 #define UNIQ_SORT \
 { \
--- a/nfq2/helpers.h
+++ b/nfq2/helpers.h
@@ -9,6 +9,7 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <time.h>
+#include <fcntl.h>

 #define UNARY_PLUS(v) (v>0 ? "+" : "")

--- a/nfq2/hostlist.c
+++ b/nfq2/hostlist.c
@@ -113,10 +113,18 @@ static bool LoadHostList(struct hostlist_file *hfile)
 		{
 			// stat() error
 			DLOG_PERROR("file_mod_signature");
-			DLOG_ERR("cannot access hostlist file '%s'. in-memory content remains unchanged.\n",hfile->filename);
-			return true;
+			goto unchanged;
 		}
 		if (FILE_MOD_COMPARE(&hfile->mod_sig,&fsig)) return true; // up to date
+		// check if it's readable. do not destroy in-memory copy if not
+		if (!file_open_test(hfile->filename, O_RDONLY))
+		{
+			DLOG_PERROR("file_open_test");
+			goto unchanged;
+		}
+		// don't want to keep backup copy in memory - it will require *2 RAM. Problem on low-ram devices. It's better to fail hostlist read than have OOM.
+		// if a file can be opened there're few chances it can't be read. fs corruption, disk error, deleted or made inaccessible between 2 syscals ?
+		// it's all hypotetically possible but very unlikely. but OOM is much more real problem on an embedded device if list is large enough
 		HostlistPoolDestroy(&hfile->hostlist);
 		if (!AppendHostList(&hfile->hostlist, hfile->filename))
 		{
@@ -126,6 +134,9 @@ static bool LoadHostList(struct hostlist_file *hfile)
 		hfile->mod_sig=fsig;
 	}
 	return true;
+unchanged:
+	DLOG_ERR("cannot access hostlist file '%s'. in-memory content remains unchanged.\n",hfile->filename);
+	return true;
 }
 static bool LoadHostLists(struct hostlist_files_head *list)
 {
--- a/nfq2/ipset.c
+++ b/nfq2/ipset.c
@@ -130,10 +130,18 @@ static bool LoadIpset(struct ipset_file *hfile)
 		{
 			// stat() error
 			DLOG_PERROR("file_mod_signature");
-			DLOG_ERR("cannot access ipset file '%s'. in-memory content remains unchanged.\n",hfile->filename);
-			return true;
+			goto unchanged;
 		}
 		if (FILE_MOD_COMPARE(&hfile->mod_sig,&fsig)) return true; // up to date
+		// check if it's readable. do not destroy in-memory copy if not
+		if (!file_open_test(hfile->filename, O_RDONLY))
+		{
+			DLOG_PERROR("file_open_test");
+			goto unchanged;
+		}
+		// don't want to keep backup copy in memory - it will require *2 RAM. Problem on low-ram devices. It's better to fail ipset read than have OOM.
+		// if a file can be opened there're few chances it can't be read. fs corruption, disk error, deleted or made inaccessible between 2 syscals ?
+		// it's all hypotetically possible but very unlikely. but OOM is much more real problem on an embedded device if list is large enough
 		ipsetDestroy(&hfile->ipset);
 		if (!AppendIpset(&hfile->ipset, hfile->filename))
 		{
@@ -143,6 +151,9 @@ static bool LoadIpset(struct ipset_file *hfile)
 		hfile->mod_sig=fsig;
 	}
 	return true;
+unchanged:
+	DLOG_ERR("cannot access ipset file '%s'. in-memory content remains unchanged.\n",hfile->filename);
+	return true;
 }
 static bool LoadIpsets(struct ipset_files_head *list)
 {