external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-15 04:32:24 +00:00
Code Issues Releases Wiki Activity

Reimplement reverted commit 7fa35c to fix readlink() issues

Browse source 
Original implementation:

Commit: 7fa35cA
dtfile: coverity CIDs 88363,88405,89140,89612; insecure readlink

That commit caused dtfile to be unable to resolve symbolic links and
was later reverted.  This commit reimplements the fixes correctly, and
should hopefully still resolve the coverity issues as well.
This commit is contained in:
Jon Trulson 2018-04-10 19:05:56 -06:00
parent 10468068ac
commit 56b53a30a1
3 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cde/programs/dtfile/Directory.c
View file

@ -823,9 +823,9 @@ ReadFileData(
stat_result = lstat (link_file_name, &stat_buf); stat_result = lstat (link_file_name, &stat_buf);
if (stat_result == 0 && (stat_buf.st_mode & S_IFMT) == S_IFLNK) if (stat_result == 0 && (stat_buf.st_mode & S_IFMT) == S_IFLNK)
{ {
while ((link_len = readlink(link_file_name, link_path, MAX_PATH)) > 0) while ((link_len = readlink(link_file_name, link_path, MAX_PATH - 1)) > 0)
{ {
link_path[link_len] = '\0'; link_path[link_len] = 0;
link_list = (char **)XtRealloc((char *)link_list, sizeof(char *) * link_list = (char **)XtRealloc((char *)link_list, sizeof(char *) *
(link_count + 2)); (link_count + 2));
@ -1069,9 +1069,9 @@ ReadFileData2(
stat_result = lstat (link_file_name, &stat_buf); stat_result = lstat (link_file_name, &stat_buf);
if ((stat_buf.st_mode & S_IFMT) == S_IFLNK) if ((stat_buf.st_mode & S_IFMT) == S_IFLNK)
{ {
while ((link_len = readlink(link_file_name, link_path, MAX_PATH)) > 0) while ((link_len = readlink(link_file_name, link_path, MAX_PATH - 1)) > 0)
{ {
link_path[link_len] = NILL; link_path[link_len] = 0;
link_list = (char **)XtRealloc((char *)link_list, sizeof(char *) * link_list = (char **)XtRealloc((char *)link_list, sizeof(char *) *
(link_count + 2)); (link_count + 2));

4
cde/programs/dtfile/SharedProcs.c
View file

@ -234,9 +234,9 @@ _DtFollowLink (
strcpy(file, path); strcpy(file, path);
while ((link_len = readlink(file, link_path, MAXPATHLEN)) > 0) while ((link_len = readlink(file, link_path, MAXPATHLEN - 1)) > 0)
{ {
link_path[link_len] = '\0'; link_path[link_len] = 0;
/* Force the link to be an absolute path, if necessary */ /* Force the link to be an absolute path, if necessary */
if (link_path[0] != '/') if (link_path[0] != '/')

7
cde/programs/dtfile/dtcopy/fsrtns.c
View file

@ -179,15 +179,18 @@ CopyLink(char *sourceP, char *targetP, int repl, struct stat *statP)
/* copy a symbolic link */ /* copy a symbolic link */
{ {
int l, rc; int l, rc;
char buf[1024]; char buf[PATH_MAX];
do { do {
errno = 0; errno = 0;
l = readlink(sourceP, buf, sizeof(buf)); l = readlink(sourceP, buf, PATH_MAX - 1);
} while (l < 0 && errno == EINTR); } while (l < 0 && errno == EINTR);
if (l < 0) if (l < 0)
return errno; return errno;
buf[l] = 0; buf[l] = 0;
if (symlink(buf, targetP) == 0) if (symlink(buf, targetP) == 0)
return 0; return 0;
else if (errno != EEXIST || !repl) else if (errno != EEXIST || !repl)