diff --git a/nfq2/helpers.c b/nfq2/helpers.c index 7878f51..651ec7d 100644 --- a/nfq2/helpers.c +++ b/nfq2/helpers.c @@ -8,7 +8,6 @@ #include #include #include -#include #define UNIQ_SORT \ { \ diff --git a/nfq2/helpers.h b/nfq2/helpers.h index 93963d9..175fb62 100644 --- a/nfq2/helpers.h +++ b/nfq2/helpers.h @@ -9,6 +9,7 @@ #include #include #include +#include #define UNARY_PLUS(v) (v>0 ? "+" : "") diff --git a/nfq2/hostlist.c b/nfq2/hostlist.c index 81067f7..ec31b60 100644 --- a/nfq2/hostlist.c +++ b/nfq2/hostlist.c @@ -113,10 +113,18 @@ static bool LoadHostList(struct hostlist_file *hfile) { // stat() error DLOG_PERROR("file_mod_signature"); - DLOG_ERR("cannot access hostlist file '%s'. in-memory content remains unchanged.\n",hfile->filename); - return true; + goto unchanged; } if (FILE_MOD_COMPARE(&hfile->mod_sig,&fsig)) return true; // up to date + // check if it's readable. do not destroy in-memory copy if not + if (!file_open_test(hfile->filename, O_RDONLY)) + { + DLOG_PERROR("file_open_test"); + goto unchanged; + } + // don't want to keep backup copy in memory - it will require *2 RAM. Problem on low-ram devices. It's better to fail hostlist read than have OOM. + // if a file can be opened there're few chances it can't be read. fs corruption, disk error, deleted or made inaccessible between 2 syscals ? + // it's all hypotetically possible but very unlikely. but OOM is much more real problem on an embedded device if list is large enough HostlistPoolDestroy(&hfile->hostlist); if (!AppendHostList(&hfile->hostlist, hfile->filename)) { @@ -126,6 +134,9 @@ static bool LoadHostList(struct hostlist_file *hfile) hfile->mod_sig=fsig; } return true; +unchanged: + DLOG_ERR("cannot access hostlist file '%s'. in-memory content remains unchanged.\n",hfile->filename); + return true; } static bool LoadHostLists(struct hostlist_files_head *list) { diff --git a/nfq2/ipset.c b/nfq2/ipset.c index 79a516a..115f00d 100644 --- a/nfq2/ipset.c +++ b/nfq2/ipset.c 
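Review bot: The `file_open_test()` guard added to LoadHostList proves only that the path can be opened, not that the file `AppendHostList()` reads afterwards is complete or readable. A list file rewritten in place, or a path that opens but fails on read, still reaches `HostlistPoolDestroy()` and replaces the working list with a partial or empty one. A directory opened with O_RDONLY would be one such case, unless `file_mod_signature()` already rejects non-regular files, which is not visible here. The added comment should state that limit, for example `// open test covers absence/permissions only; a file rewritten in place can still load truncated - replace list files atomically via rename()`. The AppendHostList failure branch lies between this hunk and the next, so what happens to the emptied pool there cannot be checked from here; the same guard and the same gap are in LoadIpset in nfq2/ipset.c.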
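Review bot: The shared `unchanged:` exit in LoadHostList returns `true` for an unreadable file as well as for a failed stat, so the caller cannot tell a fresh load from a stale or never-loaded list. On the very first load there is no earlier content, so a hostlist with wrong permissions would log "in-memory content remains unchanged" and continue with an empty list; whether that previously failed hard depends on the AppendHostList failure branch, which is outside the hunk. Because the jump skips `hfile->mod_sig=fsig;`, the next call retries the file, which is worth stating at the label: `// soft failure: keep previous list (empty on first load); mod_sig is not updated, so the next reload retries`. The `unchanged:` label in LoadIpset in nfq2/ipset.c behaves the same way.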
@@ -130,10 +130,18 @@ static bool LoadIpset(struct ipset_file *hfile) { // stat() error DLOG_PERROR("file_mod_signature"); - DLOG_ERR("cannot access ipset file '%s'. in-memory content remains unchanged.\n",hfile->filename); - return true; + goto unchanged; } if (FILE_MOD_COMPARE(&hfile->mod_sig,&fsig)) return true; // up to date + // check if it's readable. do not destroy in-memory copy if not + if (!file_open_test(hfile->filename, O_RDONLY)) + { + DLOG_PERROR("file_open_test"); + goto unchanged; + } + // don't want to keep backup copy in memory - it will require *2 RAM. Problem on low-ram devices. It's better to fail ipset read than have OOM. + // if a file can be opened there're few chances it can't be read. fs corruption, disk error, deleted or made inaccessible between 2 syscals ? + // it's all hypotetically possible but very unlikely. but OOM is much more real problem on an embedded device if list is large enough ipsetDestroy(&hfile->ipset); if (!AppendIpset(&hfile->ipset, hfile->filename)) { @@ -143,6 +151,9 @@ static bool LoadIpset(struct ipset_file *hfile) hfile->mod_sig=fsig; } return true; +unchanged: + DLOG_ERR("cannot access ipset file '%s'. in-memory content remains unchanged.\n",hfile->filename); + return true; } static bool LoadIpsets(struct ipset_files_head *list) {