$NetBSD: patch-bb,v 1.5 2010/07/24 12:51:09 tron Exp $
Fix for security vulnerability reported in CVE-2009-1299, taken from here:
http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
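--- src/pulsecore/core-util.c.orig 2009-11-23 03:57:07.000000000 +0000
+++ src/pulsecore/core-util.c 2010-07-24 13:33:30.000000000 +0100
@@ -196,7 +196,7 @@
 /** Creates a directory securely */
 int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
 struct stat st;
- int r, saved_errno;
+ int r, saved_errno, fd;
 
 pa_assert(dir);
 
@@ -214,16 +214,45 @@
 if (r < 0 && errno != EEXIST)
 return -1;
 
-#ifdef HAVE_CHOWN
+#ifdef HAVE_FSTAT
+ if ((fd = open(dir,
+#ifdef O_CLOEXEC
+ O_CLOEXEC|
+#endif
+#ifdef O_NOCTTY
+ O_NOCTTY|
+#endif
+#ifdef O_NOFOLLOW
+ O_NOFOLLOW|
+#endif
+ O_RDONLY)) < 0)
+ goto fail;
+
+ if (fstat(fd, &st) < 0) {
+ pa_assert_se(pa_close(fd) >= 0);
+ goto fail;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ pa_assert_se(pa_close(fd) >= 0);
+ errno = EEXIST;
+ goto fail;
+ }
+
+#ifdef HAVE_FCHOWN
 if (uid == (uid_t)-1)
 uid = getuid();
 if (gid == (gid_t)-1)
 gid = getgid();
- (void) chown(dir, uid, gid);
+ (void) fchown(fd, uid, gid);
+#endif
+
+#ifdef HAVE_FCHMOD
+ (void) fchmod(fd, m);
 #endif
 
-#ifdef HAVE_CHMOD
- chmod(dir, m);
+ pa_assert_se(pa_close(fd) >= 0);
+
 #endif
 
 #ifdef HAVE_LSTAT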
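Review bot: In the added `open(dir, ...)` call, `O_NOFOLLOW` is compiled in only under `#ifdef O_NOFOLLOW`, so on a platform without it the open silently follows a symlink at `dir` and the `fchown`/`fchmod` that follow act on the link target, which appears to be the case this CVE-2009-1299 fix targets; an `#else` branch that fails the build with `#error` would make that gap visible instead of silent. The open also runs before the `S_ISDIR` test, so a pre-existing non-directory at `dir` is opened before it is rejected; adding `#ifdef O_DIRECTORY` / `O_DIRECTORY|` / `#endif` next to the other flags would let the kernel refuse it at open time. The results of `fchown` and `fchmod` are discarded with `(void)`, which is only sound if the `HAVE_LSTAT` block beginning on the last line of this hunk re-checks owner and mode; that block is outside the visible lines, so it is worth confirming. `pa_make_secure_dir` continues past the end of the second hunk.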