Changeset 519 in openpam

Timestamp:

Jan 10, 2012, 11:50:03 PM (9 years ago)

Author:

Dag-Erling Smørgrav

Message:

Verify that the target is a regular file.

File:

• trunk/lib/openpam_check_owner_perms.c (modified) (5 diffs)

trunk/lib/openpam_check_owner_perms.c

@@ -68 +68 @@
                 return (-1);
         }
+        if (!S_ISREG(sb.st_mode)) {
+                openpam_log(PAM_LOG_ERROR,
+                    "%s: not a regular file", name);
+                errno = EINVAL;
+                return (-1);
+        }
         if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
             (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
@@ -85 +91 @@
  * not writable by group or other.
  *
- * Note that openpam_check_file_owner_perms() should be used instead if
+ * Note that openpam_check_desc_owner_perms() should be used instead if
  * possible to avoid a race between the ownership / permission check and
  * the actual open().
@@ -96 +102 @@
         char pathbuf[PATH_MAX];
         struct stat sb;
-        int len, serrno;
+        int len, serrno, tip;
 
+        tip = 1;
         root = 0;
         arbitrator = geteuid();
@@ -112 +119 @@
                         return (-1);
                 }
+                if (tip && !S_ISREG(sb.st_mode)) {
+                        openpam_log(PAM_LOG_ERROR,
+                            "%s: not a regular file", pathbuf);
+                        errno = EINVAL;
+                        return (-1);
+                }
                 if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
                     (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
@@ -121 +134 @@
                 while (--len > 0 && pathbuf[len] != '/')
                         pathbuf[len] = '\0';
+                tip = 0;
         }
         return (0);