Refuse invitees if we can't delete the invitation file.

If the call to unlink() or a subsequent sync of the invitation directory
fails, don't allow the invitee access, to prevent an invitation from
being used twice.

diff --git a/src/conf.c b/src/conf.c
index eea9c3dd6245b8e8432af30f511d41c6f0f0ace6..ca107b0a062c6dc5470dab09e8da44a909a0b4f4 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -866,7 +866,19 @@ bool invitation_read(meshlink_handle_t *mesh, const char *conf_subdir, const cha
 
        fclose(f);
 
-       unlink(used_path);
+       if(unlink(used_path)) {
+               logger(mesh, MESHLINK_ERROR, "Failed to unlink `%s': %s", path, strerror(errno));
+               return false;
+       }
+
+       snprintf(path, sizeof(path), "%s" SLASH "%s" SLASH "invitations", mesh->confbase, conf_subdir);
+
+       if(!sync_path(path)) {
+               logger(mesh, MESHLINK_ERROR, "Failed to sync `%s': %s", path, strerror(errno));
+               meshlink_errno = MESHLINK_ESTORAGE;
+               return false;
+       }
+
        return true;
 }