Moved stat() (checking the file permissions) to wicket_create().
Showing
1 changed file
with
10 additions
and
6 deletions
| ... | @@ -52,9 +52,19 @@ static int get_user __P ((url_t, const char *, char **)); | ... | @@ -52,9 +52,19 @@ static int get_user __P ((url_t, const char *, char **)); |
| 52 | int | 52 | int |
| 53 | wicket_create (wicket_t *pwicket, const char *filename) | 53 | wicket_create (wicket_t *pwicket, const char *filename) |
| 54 | { | 54 | { |
| 55 | struct stat st; | ||
| 56 | |||
| 55 | if (pwicket == NULL) | 57 | if (pwicket == NULL) |
| 56 | return EINVAL; | 58 | return EINVAL; |
| 57 | 59 | ||
| 60 | if (filename) | ||
| 61 | { | ||
| 62 | if (stat (filename, &st) == -1) | ||
| 63 | return errno; | ||
| 64 | if ((st.st_mode & S_IRWXG) || (st.st_mode & S_IRWXO)) | ||
| 65 | return MU_ERR_UNSAFE_PERMS; | ||
| 66 | } | ||
| 67 | |||
| 58 | *pwicket = calloc (1, sizeof (**pwicket)); | 68 | *pwicket = calloc (1, sizeof (**pwicket)); |
| 59 | if (*pwicket == NULL) | 69 | if (*pwicket == NULL) |
| 60 | return ENOMEM; | 70 | return ENOMEM; |
| ... | @@ -249,16 +259,10 @@ get_ticket (url_t url, const char *user, const char *filename, url_t * ticket) | ... | @@ -249,16 +259,10 @@ get_ticket (url_t url, const char *user, const char *filename, url_t * ticket) |
| 249 | FILE *fp = NULL; | 259 | FILE *fp = NULL; |
| 250 | size_t buflen = 128; | 260 | size_t buflen = 128; |
| 251 | char *buf = NULL; | 261 | char *buf = NULL; |
| 252 | struct stat st; | ||
| 253 | 262 | ||
| 254 | if (!filename || !url) | 263 | if (!filename || !url) |
| 255 | return EINVAL; | 264 | return EINVAL; |
| 256 | 265 | ||
| 257 | if (stat (filename, &st) == -1) | ||
| 258 | return errno; | ||
| 259 | if ((st.st_mode & S_IRWXG) || (st.st_mode & S_IRWXO)) | ||
| 260 | return MU_ERR_UNSAFE_PERMS; | ||
| 261 | |||
| 262 | fp = fopen (filename, "r"); | 266 | fp = fopen (filename, "r"); |
| 263 | 267 | ||
| 264 | if (!fp) | 268 | if (!fp) | ... | ... |
-
Please register or sign in to post a comment