Commit graph

33 commits

Author SHA1 Message Date
CismonX
c9ccc4f6df
backend_chromium: fix use-after-free
It's a regression in commit bdfa812d79.
2025-03-29 13:22:52 +08:00
CismonX
bdfa812d79
backend: respect the BOOKMARK_DELETE_DIR flag
Following commit 2e3685f217,
make sure all backends check this flag and return correct error codes.

Normally this is not mandatory, since the kernel looks up
the directory entry to be removed, and fails if the system call
is inappropriate (e.g., calling rmdir() on a regular file).
This happens before FUSE_UNLINK or FUSE_RMDIR is sent to the server.

However, when not in exclusive mode, there is a short window in which
a TOCTOU problem may occur, which may lead to undesired behavior
(e.g., deletion of a non-empty directory) or even the corruption of
bookmark storage if not properly checked.

Also explain this flag in the user manual.
2025-03-27 12:36:27 +08:00
CismonX
3422d68193
backend: allow bad system time in readonly mode
In readonly mode, we're not using the current time as timestamp,
thus a bad system time won't hurt.

Also in Chromium backend, use zero timestamp for the bookmark root
dir, to accommodate this change (no one cares about it anyway).
2025-03-23 14:56:16 +08:00
CismonX
750c16077c
backend: prevent timestamp overflow
When updating timestamps, make sure that the corresponding
microsecond value fits in a single signed 64-bit integer,
so that it won't result in an integer overflow, which is UB.

Also forbid timestamps before the Unix epoch, since working with
negative time_t is problematic.

This check does not apply to the current timestamp; however,
add a check on backend startup to ensure sane system time.

There's no need to validate `tv_nsec`, since the kernel already
does that for us.
2025-03-20 12:46:11 +08:00
CismonX
e0d2aa2058
backend: refactor bookmark_set() for timestamps
Do not expose UTIME_OMIT to backends, but instead specify
which timestamps to update with flags.

This allows us to further refactor backend code, especially
the Chromium backend.
2025-03-20 12:14:59 +08:00
CismonX
d36c070ef2
backend_chromium: refactor parse_ts()
We only need to parse a single integer.
There's no chance that a 64-bit integer cannot hold a valid timestamp.
2025-03-20 10:11:35 +08:00
CismonX
00f40beec7
xstd: add helper function for getting current time
Also, don't bother with failed clock_gettime() calls.
2025-03-19 21:26:27 +08:00
CismonX
c2a91d6420
hashmap: refactor interface
- `hashmap_insert()` no longer takes key as argument, and
  takes the pointer to be associated with the entry as argument.
- Rename `hashmap_entry_delete` -> `hashmap_delete`.
- Make `user_data` the first argument for `hashmap_walk_func`.
- Other misc renames.
2025-03-06 06:40:28 +08:00
CismonX
8cbd5846d9
chore: tidy up
2025-03-01 23:40:34 +08:00
CismonX
0b7b46be9c
watcher: refactor
- Use negated errno as return value.
- Do not consider deletion of the watched file as a fatal error,
  and use a separate error code to distinguish between them.
- Lazy-init worker: Starts watching upon the first call to
  watcher_poll().
2025-03-01 10:02:05 +08:00
CismonX
f952a35ddc
backend: misc refactor
- Following commit d01554400c, rename `attr_key_*` to `xattr_name_*`.
- Other misc changes.
2025-02-28 10:05:25 +08:00
CismonX
d01554400c
backend: rename ATTR_KEY_* -> BM_XATTR_*
2025-02-26 13:56:18 +08:00
CismonX
3e5c800de8
backend_chromium: improve sandboxing
- Always lazy-init watcher when possible.
- Add a check in `backend_create()` that fails when the bookmark
  storage does not exist, so that function behavior is more
  consistent on different platforms with and without sandboxing.
- Only check Landlock flags on Linux.
2025-02-24 17:45:52 +08:00
CismonX
bd90602d4a
xattr: misc refactor
- Check for XATTR_CREATE in setxattr.
- Rename bookmark_attrs -> xattr_names.
- Other misc changes.
2025-02-19 11:34:03 +08:00
CismonX
9afdfc45d7
backend: rename bookmark_check args
- Rename `id` -> `parent_id`, since the function works on
  the parent directory.
2025-02-13 17:48:07 +08:00
CismonX
52b3707d2b
backend: rename bookmark_fsck -> bookmark_check
Some relevant names are also renamed.
2025-02-12 20:47:10 +08:00
CismonX
3375674973
backend: ignore val_len when updating timestamps
2025-02-12 12:36:30 +08:00
CismonX
e199a1203a
backend: fix includes
Fix a regression in commit d1dac54b72 where sys/stat.h is no longer
included in backend_firefox.c and backend_chromium.c.

It has to be explicitly included for the UTIME_xxx macros.
2025-02-10 19:55:43 +08:00
CismonX
df29392008
all: fix conditional build
There were bad code changes that cause the compiler to complain or
panic, but went unnoticed since they are only built if toggled with
`--enable-xxx` or `--disable-xxx` during build configuration.

Fix them altogether.
2025-02-08 19:47:20 +08:00
CismonX
d1dac54b72
chore: tidy up includes
2025-02-08 18:56:45 +08:00
CismonX
d0aa74b212
backend: rename object_free -> cookie_free
2025-02-03 18:15:52 +08:00
CismonX
1d1ff58aa4
ioctl: move type definitions to common.h
2025-02-02 21:35:12 +08:00
CismonX
88e38bd38e
backend: update cookie even on callback failure
No need to check status and always update cookie after
invoking callback for bookmark_list() and bookmark_fsck().
2025-02-01 00:21:02 +08:00
CismonX
78b80be2e5
backend: rename struct bookmarkfs_bookmark_entry
Rename field `next` -> `off`.
2025-01-31 20:31:52 +08:00
CismonX
3ed11f53e5
backend: fix xattr bookmark title check
Do not check if the bookmark title is a valid filename,
as we said in the user manual.

However, we should ensure that the string does not contain
NUL characters, since we assume that a valid bookmark storage
should not contain bookmarks with such names.
2025-01-26 19:35:03 +08:00
CismonX
10ad224b03
backend: rename backend_sync -> bookmark_sync
2025-01-24 23:07:22 +08:00
CismonX
623b4dd4f3
backend: rename backend_free -> backend_destroy
2025-01-24 09:12:41 +08:00
CismonX
3cb99fe85b
all: fix punctuation regarding "e.g." and "i.e."
Follow the convention of modern English grammar that
a comma should usually come after "e.g." and "i.e.".
2025-01-23 19:23:54 +08:00
CismonX
22263e48f2
backend: rename struct
`bookmarkfs_backend_init_resp` -> `bookmarkfs_backend_create_resp`,
since it is used for `backend_create` instead of `backend_init`.
2025-01-23 17:41:31 +08:00
CismonX
d4a370c223
backend_chromium: fix bookmark_create()
Fix the hashcode used for inserting entry into id map.
2025-01-15 19:35:46 +08:00
CismonX
38e33532f0
sandbox: remove redundant fusefd arg
2025-01-04 00:29:16 +08:00
CismonX
3e325a3934
ioctl: check if permd op is valid
A bad permd op should fail ioctl() with EINVAL instead of
invoking undefined behavior.
2025-01-02 18:53:12 +08:00
CismonX
cdf0ddfc53
init: prepare for Savannah
2024-12-31 18:09:03 +08:00