author | jilles <jilles@FreeBSD.org> | 2013-02-10 23:09:15 +0000 |
---|---|---|
committer | jilles <jilles@FreeBSD.org> | 2013-02-10 23:09:15 +0000 |
commit | 05d82765f3ad4c7c551d964bb7039f1559f118ad (patch) | |
tree | bbb1af868ec96ba9fff8388533b11dc24e6924ea /lib/libc | |
parent | f24ec7b4ea849ae616cee98559659baa93f5763d (diff) | |
fts: Use O_DIRECTORY when opening name that might be changed by attacker.

There are uncommon cases where fts_safe_changedir() may be called with a
non-NULL name that is not "..". Do not block or worse if an attacker put
(a symlink to) a fifo or device where a directory used to be.

MFC after: 1 week
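
The failure mode named in the commit message, as an added example that is not part of the commit or of FreeBSD's code: it replaces a directory with a fifo, or with a symlink to a fifo, and opens it with the patched flag set. `probe()`, the `swap` enum, the `/tmp/fts-demo-*` path and `OLD_FLAGS_NONBLOCK` are names made up for this sketch, and it calls plain `open()` rather than libc's internal `_open()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flags from the patched _open() call in the diff. */
#define PATCHED_FLAGS (O_RDONLY | O_DIRECTORY | O_CLOEXEC)
/* Pre-patch flags plus O_NONBLOCK (an addition for this demo only): without
 * it, opening a fifo read-only blocks until a writer appears. */
#define OLD_FLAGS_NONBLOCK (O_RDONLY | O_CLOEXEC | O_NONBLOCK)
enum swap { SWAP_NONE, SWAP_FIFO, SWAP_SYMLINK_TO_FIFO };

/* Constructed scenario: make <tmp>/sub a directory, optionally replace it the
 * way the commit message describes, then open it with the given flags.
 * Returns 0 if open() succeeded, errno if it failed, -1 on setup error. */
static int probe(enum swap how, int flags)
{
    char base[] = "/tmp/fts-demo-XXXXXX", sub[64], fifo[64];
    int fd, ok, result = -1;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(sub, sizeof(sub), "%s/sub", base);
    snprintf(fifo, sizeof(fifo), "%s/fifo", base);
    ok = mkdir(sub, 0700) == 0;
    if (ok && how == SWAP_FIFO)
        ok = rmdir(sub) == 0 && mkfifo(sub, 0600) == 0;
    else if (ok && how == SWAP_SYMLINK_TO_FIFO)
        ok = rmdir(sub) == 0 && mkfifo(fifo, 0600) == 0 && symlink(fifo, sub) == 0;
    if (ok) {
        fd = open(sub, flags);
        result = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
    }
    /* Clean up whichever objects exist; failures here are expected and ignored. */
    unlink(fifo); unlink(sub); rmdir(sub); rmdir(base);
    return result;
}

int main(void)
{
    printf("dir=%d fifo=%d link=%d (ENOTDIR=%d) old+nonblock fifo=%d\n",
        probe(SWAP_NONE, PATCHED_FLAGS), probe(SWAP_FIFO, PATCHED_FLAGS),
        probe(SWAP_SYMLINK_TO_FIFO, PATCHED_FLAGS), ENOTDIR,
        probe(SWAP_FIFO, OLD_FLAGS_NONBLOCK));
    return 0;
}
```

With the patched flags both swapped cases fail immediately with ENOTDIR, while the last probe shows that without O_DIRECTORY the caller ends up holding a descriptor for the fifo.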
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/gen/fts.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c index 243320c..d15be06 100644 --- a/lib/libc/gen/fts.c +++ b/lib/libc/gen/fts.c @@ -1119,7 +1119,8 @@ fts_safe_changedir(FTS *sp, FTSENT *p, int fd, char *path) newfd = fd; if (ISSET(FTS_NOCHDIR)) return (0); - if (fd < 0 && (newfd = _open(path, O_RDONLY | O_CLOEXEC, 0)) < 0) + if (fd < 0 && (newfd = _open(path, O_RDONLY | O_DIRECTORY | + O_CLOEXEC, 0)) < 0) return (-1); if (_fstat(newfd, &sb)) { ret = -1; |
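Review bot: the new `_open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC, 0)` call in fts_safe_changedir() has no comment explaining why O_DIRECTORY is required, so a later cleanup could drop the flag without noticing the regression. Add a one-line comment above the call saying that path may have been replaced by a fifo or device and that the open must fail rather than block. O_DIRECTORY also still follows a symlink that points at a different directory, so whatever follows `_fstat(newfd, &sb)` remains the only thing that can reject that case; that code is outside this hunk and is worth confirming as part of the review.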