ericonr
/
erm
mirror of https://github.com/ericonr/erm.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Protect directory traversal from TOCTOU issues. 

This is usually not being run as root so it isn't a security
vulnerability, but in the interest of security, we should open the
directory using open() with the appropriate flags to avoid following a
symlink erroneously.

Inspired by [1].

[1] https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
This commit is contained in:
Érico Nogueira 2022-01-21 15:27:32 -03:00
parent 37e4158aa8
commit 3f72eb9f5f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
remove.c
View File

@ -138,8 +138,8 @@ static void *process_queue_item(void *arg)
while (1) {
queue_remove(q, &t);
DIR *d;
while (!(d = opendir(t.path))) {
int dfd;
while ((dfd = open(t.path, O_RDONLY|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC)) < 0) {
if (errno == EMFILE) {
pthread_mutex_lock(&fd_mtx);
pthread_cond_wait(&fd_cond, &fd_mtx);
@ -149,7 +149,7 @@ static void *process_queue_item(void *arg)
break;
}
}
int dfd = dirfd(d);
DIR *d = fdopendir(dfd);
struct task *p = NULL;
unsigned n = 0;