mirror of https://github.com/ericonr/erm.git
Protect directory traversal from TOCTOU issues.
This is usually not being run as root so it isn't a security vulnerability, but in the interest of security, we should open the directory using open() with the appropriate flags to avoid following a symlink erroneously. Inspired by [1]. [1] https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
This commit is contained in:
parent
37e4158aa8
commit
3f72eb9f5f
6
remove.c
6
remove.c
|
@ -138,8 +138,8 @@ static void *process_queue_item(void *arg)
|
|||
while (1) {
|
||||
queue_remove(q, &t);
|
||||
|
||||
DIR *d;
|
||||
while (!(d = opendir(t.path))) {
|
||||
int dfd;
|
||||
while ((dfd = open(t.path, O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC)) < 0) {
|
||||
if (errno == EMFILE) {
|
||||
pthread_mutex_lock(&fd_mtx);
|
||||
pthread_cond_wait(&fd_cond, &fd_mtx);
|
||||
|
@ -149,7 +149,7 @@ static void *process_queue_item(void *arg)
|
|||
break;
|
||||
}
|
||||
}
|
||||
int dfd = dirfd(d);
|
||||
DIR *d = fdopendir(dfd);
|
||||
|
||||
struct task *p = NULL;
|
||||
unsigned n = 0;
|
||||
|
|
Loading…
Reference in New Issue