From a53d8337c13f485875cad24edf74b0287b37600b Mon Sep 17 00:00:00 2001 From: reinelt Date: Mon, 31 May 2004 06:24:42 +0000 Subject: [lcd4linux @ 2004-05-31 06:24:42 by reinelt] fixed symlink security issue with the image driver git-svn-id: https://ssl.bulix.org/svn/lcd4linux/trunk@450 3ae390bd-cb1e-0410-b409-cd5a39f66f1f --- drv_Image.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) (limited to 'drv_Image.c') diff --git a/drv_Image.c b/drv_Image.c index 8b6246a..82f4e9a 100644 --- a/drv_Image.c +++ b/drv_Image.c @@ -1,4 +1,4 @@ -/* $Id: drv_Image.c,v 1.2 2004/05/29 23:30:20 reinelt Exp $ +/* $Id: drv_Image.c,v 1.3 2004/05/31 06:24:42 reinelt Exp $ * * new style Image (PPM/PNG) Driver for LCD4Linux * @@ -23,6 +23,10 @@ * * * $Log: drv_Image.c,v $ + * Revision 1.3 2004/05/31 06:24:42 reinelt + * + * fixed symlink security issue with the image driver + * * Revision 1.2 2004/05/29 23:30:20 reinelt * * fixed a compiler issue with drv_Image.c (thanks to Frank Stratmann) @@ -149,7 +153,13 @@ static int drv_IMG_flush_PPM (void) snprintf (path, sizeof(path), output, seq++); qprintf(tmp, sizeof(tmp), "%s.tmp", path); - if ((fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644))<0) { + // remove the file + unlink (tmp); + + // avoid symlink security hole: + // open it with O_EXCL will fail if the file exists. + // This should not happen because we just unlinked it. + if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644))<0) { error ("%s: open(%s) failed: %s", Name, tmp, strerror(errno)); return -1; } @@ -205,7 +215,7 @@ static int drv_IMG_flush_PNG (void) static int seq = 0; int xsize, ysize, row, col; char path[256], tmp[256]; - FILE *fp; + FILE *fp; int fd; gdImagePtr im; int bg, hg, fg; @@ -244,8 +254,20 @@ static int drv_IMG_flush_PNG (void) snprintf (path, sizeof(path), output, seq++); qprintf (tmp, sizeof(tmp), "%s.tmp", path); - if ((fp = fopen(tmp, "w")) == NULL) { - error("%s: fopen(%s) failed: %s\n", Name, tmp, strerror(errno)); + // remove the file + unlink (tmp); + + // avoid symlink security hole: + // open it with O_EXCL will fail if the file exists. + // This should not happen because we just unlinked it. + if ((fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644))<0) { + error ("%s: open(%s) failed: %s", Name, tmp, strerror(errno)); + return -1; + } + + if ((fp = fdopen(fd, "w")) == NULL) { + error("%s: fdopen(%s) failed: %s\n", Name, tmp, strerror(errno)); + close (fd); return -1; } -- cgit v1.2.3