Changeset 519 in openpam for trunk


Timestamp:
Jan 10, 2012, 11:50:03 PM (7 years ago)
Author:
Dag-Erling Smørgrav
Message:

Verify that the target is a regular file.

File:
1 edited

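--- a/trunk/lib/openpam_check_owner_perms.c
+++ b/trunk/lib/openpam_check_owner_perms.c
@@ -68,4 +68,10 @@
                 return (-1);
         }
+        if (!S_ISREG(sb.st_mode)) {
+                openpam_log(PAM_LOG_ERROR,
+                    "%s: not a regular file", name);
+                errno = EINVAL;
+                return (-1);
+        }
         if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
             (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
@@ -85,5 +91,5 @@
  * not writable by group or other.
  *
- * Note that openpam_check_file_owner_perms() should be used instead if
+ * Note that openpam_check_desc_owner_perms() should be used instead if
  * possible to avoid a race between the ownership / permission check and
  * the actual open().
@@ -96,6 +102,7 @@
         char pathbuf[PATH_MAX];
         struct stat sb;
-        int len, serrno;
+        int len, serrno, tip;
 
+        tip = 1;
         root = 0;
         arbitrator = geteuid();
@@ -112,4 +119,10 @@
                         return (-1);
                 }
+                if (tip && !S_ISREG(sb.st_mode)) {
+                        openpam_log(PAM_LOG_ERROR,
+                            "%s: not a regular file", pathbuf);
+                        errno = EINVAL;
+                        return (-1);
+                }
                 if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
                     (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
@@ -121,4 +134,5 @@
                 while (--len > 0 && pathbuf[len] != '/')
                         pathbuf[len] = '\0';
+                tip = 0;
         }
         return (0);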
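Review bot: The header comment edited in the second hunk still describes only the ownership and group/other-write checks, so the new regular-file requirement and its `errno = EINVAL` failure are undocumented; I would add a line such as ` * The target itself must also be a regular file, otherwise errno is set to EINVAL.` In the path variant the `tip` flag limits the `S_ISREG` test to the first loop iteration, which deserves a one-line comment at `tip = 1;`, for example `/* only the final path component has to be a regular file */`. The stat call is outside the visible hunks, so whether the test sees a symlink or its target cannot be confirmed from here; if it follows links, that is worth stating in the same comment. The path-based test also remains subject to the check/open race the comment already mentions, so the descriptor variant stays the one to rely on where the file is already open. Both function bodies begin and end outside the hunks shown.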