author | imp <imp@FreeBSD.org> | 1997-07-18 18:33:15 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1997-07-18 18:33:15 +0000 |
commit | 78429cea51d55c08251f478caf95209a3e1d6758 | |
tree | 0f4336ed2328d1e92c78a120215b90e2accda18f /usr.sbin | |
parent | 7644022078130377b15de7fe8d1a750fedbe4fdf | |
Fix a problem where remote files could be removed by exploiting race
conditions similar to those reported in CERT's CA-91:10a advisory.
Obtained from: Hiroshi NAKANO <nakano@rins.ryukoku.ac.jp> by way of CERT.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/lpr/common_source/rmjob.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.sbin/lpr/common_source/rmjob.c b/usr.sbin/lpr/common_source/rmjob.c index 5497ca2..e4f068b 100644 --- a/usr.sbin/lpr/common_source/rmjob.c +++ b/usr.sbin/lpr/common_source/rmjob.c @@ -191,6 +191,8 @@ process(file) while (getline(cfp)) { switch (line[0]) { case 'U': /* unlink associated files */ + if (strchr(line+1, '/') || strncmp(line+1, "df", 2)) + break; if (from != host) printf("%s: ", host); printf(unlink(line+1) ? "cannot dequeue %s\n" : |
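Review bot: The new test at the top of the `case 'U':` branch rejects a name silently: when `line+1` contains a '/' or does not begin with "df", the code only hits `break`, so a control file that names an unexpected unlink target leaves no trace for the administrator. Consider logging the rejected name before the `break` (for example with syslog(3)), and add a one-line comment above the `if` saying that only data files in the current directory, named "df...", may be unlinked, because that intent is not obvious from `strncmp(line+1, "df", 2)` on its own. Writing the condition with explicit comparisons, `strchr(line+1, '/') != NULL || strncmp(line+1, "df", 2) != 0`, would also make the reject case easier to read at a glance.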