external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-15 04:32:24 +00:00
Code Issues Releases Wiki Activity

dm_server.C: fix CERT VU#975403/VU#299816

Browse source
This commit is contained in:
Jon Trulson 2012-05-26 18:24:31 -06:00
parent 8e4e53f4b9
commit 3231696f03
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
cde/lib/tt/bin/ttdbserverd/dm_server.C
View file

@ -1514,6 +1514,24 @@ _tt_transaction_1(_Tt_transaction_args* args, SVCXPRT * /* transp */)
if (access(_tt_log_file, F_OK) == 0) { if (access(_tt_log_file, F_OK) == 0) {
_tt_process_transaction(); _tt_process_transaction();
} }
// JET - 06/24/2002 VU#975403/VU#299816 - CERT TT
// vulnerability. check for the presence of a
// symlink. Abort (nicely) if there.
if(lstat(_tt_log_file, &buf) != -1)
{ // present
if (S_ISLNK(buf.st_mode))
{ // it's a symlink. Oops.
_tt_syslog(errstr, LOG_ERR,
"%s: _tt_log_file is a symlink. Aborting.",
here );
res.result = -1;
res.iserrno = DM_ACCESS_DENIED;
return(&res);
}
}
if ((fd = open(_tt_log_file, O_RDWR | O_CREAT, S_IREAD + S_IWRITE)) if ((fd = open(_tt_log_file, O_RDWR | O_CREAT, S_IREAD + S_IWRITE))
== -1) { == -1) {
res.iserrno = DM_WRITE_FAILED; res.iserrno = DM_WRITE_FAILED;