diff options
| author | reinelt <reinelt@3ae390bd-cb1e-0410-b409-cd5a39f66f1f> | 2004-05-31 06:24:42 +0000 |
|---|---|---|
| committer | reinelt <reinelt@3ae390bd-cb1e-0410-b409-cd5a39f66f1f> | 2004-05-31 06:24:42 +0000 |
| commit | a53d8337c13f485875cad24edf74b0287b37600b (patch) | |
| tree | 9dc0b3dd899d3ce3bee854496962f756458260f7 /drv_Image.c | |
| parent | ea5453f570c5186379745a10054280f47a809299 (diff) | |
| download | lcd4linux-a53d8337c13f485875cad24edf74b0287b37600b.tar.gz | |
[lcd4linux @ 2004-05-31 06:24:42 by reinelt]
fixed symlink security issue with the image driver
git-svn-id: https://ssl.bulix.org/svn/lcd4linux/trunk@450 3ae390bd-cb1e-0410-b409-cd5a39f66f1f
Diffstat (limited to 'drv_Image.c')
| -rw-r--r-- | drv_Image.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/drv_Image.c b/drv_Image.c index 8b6246a..82f4e9a 100644 --- a/drv_Image.c +++ b/drv_Image.c @@ -1,4 +1,4 @@ -/* $Id: drv_Image.c,v 1.2 2004/05/29 23:30:20 reinelt Exp $ +/* $Id: drv_Image.c,v 1.3 2004/05/31 06:24:42 reinelt Exp $ * * new style Image (PPM/PNG) Driver for LCD4Linux * @@ -23,6 +23,10 @@ * * * $Log: drv_Image.c,v $ + * Revision 1.3 2004/05/31 06:24:42 reinelt + * + * fixed symlink security issue with the image driver + * * Revision 1.2 2004/05/29 23:30:20 reinelt * * fixed a compiler issue with drv_Image.c (thanks to Frank Stratmann) @@ -149,7 +153,13 @@ static int drv_IMG_flush_PPM (void) snprintf (path, sizeof(path), output, seq++); qprintf(tmp, sizeof(tmp), "%s.tmp", path); - if ((fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644))<0) { + // remove the file + unlink (tmp); + + // avoid symlink security hole: + // open it with O_EXCL will fail if the file exists. + // This should not happen because we just unlinked it. + if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644))<0) { error ("%s: open(%s) failed: %s", Name, tmp, strerror(errno)); return -1; } @@ -205,7 +215,7 @@ static int drv_IMG_flush_PNG (void) static int seq = 0; int xsize, ysize, row, col; char path[256], tmp[256]; - FILE *fp; + FILE *fp; int fd; gdImagePtr im; int bg, hg, fg; @@ -244,8 +254,20 @@ static int drv_IMG_flush_PNG (void) snprintf (path, sizeof(path), output, seq++); qprintf (tmp, sizeof(tmp), "%s.tmp", path); - if ((fp = fopen(tmp, "w")) == NULL) { - error("%s: fopen(%s) failed: %s\n", Name, tmp, strerror(errno)); + // remove the file + unlink (tmp); + + // avoid symlink security hole: + // open it with O_EXCL will fail if the file exists. + // This should not happen because we just unlinked it. + if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644))<0) { + error ("%s: open(%s) failed: %s", Name, tmp, strerror(errno)); + return -1; + } + + if ((fp = fdopen(fd, "w")) == NULL) { + error("%s: fdopen(%s) failed: %s\n", Name, tmp, strerror(errno)); + close (fd); return -1; } |