diff options
| author | Andreas Schneider <asn@samba.org> | 2016-01-15 15:20:24 +0100 |
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2016-01-18 11:06:29 +0100 |
| commit | 3b1d585468c7fbd6402f75e27096a19f3620b940 (patch) | |
| tree | a1056a5a8f901cf36301dd8e60ef280a7410f4fc | |
| parent | c91b2033bebe69ff5bab67c8db960ac5ec021268 (diff) | |
| download | pam_wrapper-3b1d585468c7fbd6402f75e27096a19f3620b940.tar.gz pam_wrapper-3b1d585468c7fbd6402f75e27096a19f3620b940.tar.xz pam_wrapper-3b1d585468c7fbd6402f75e27096a19f3620b940.zip | |
pwrap: Fix a possible timing issue in p_copy()
Do not rely on stat before open - it is racy.
Open directly and treat failure appropriately.
CID: 47518
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | src/pam_wrapper.c | 25 |
1 files changed, 7 insertions, 18 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c index 6b696cd..fddc7fa 100644 --- a/src/pam_wrapper.c +++ b/src/pam_wrapper.c @@ -533,32 +533,21 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod return -1; } - if (lstat(src, &sb) < 0) { - return -1; - } - - if (S_ISDIR(sb.st_mode)) { - errno = EISDIR; + srcfd = open(src, O_RDONLY, 0); + if (srcfd < 0) { return -1; } if (mode == 0) { - mode = sb.st_mode; - } - - if (lstat(dst, &sb) == 0) { - if (S_ISDIR(sb.st_mode)) { - errno = EISDIR; + rc = fstat(srcfd, &sb); + if (rc != 0) { return -1; } + mode = sb.st_mode; } - if ((srcfd = open(src, O_RDONLY, 0)) < 0) { - rc = -1; - goto out; - } - - if ((dstfd = open(dst, O_CREAT|O_WRONLY|O_TRUNC, mode)) < 0) { + dstfd = open(dst, O_CREAT|O_WRONLY|O_TRUNC, mode); + if (dstfd < 0) { rc = -1; goto out; } |