Diffstat (limited to 'source/a/slocate/slocate.CVE-2007-0277.diff')
-rw-r--r-- | source/a/slocate/slocate.CVE-2007-0277.diff | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source/a/slocate/slocate.CVE-2007-0277.diff b/source/a/slocate/slocate.CVE-2007-0277.diff
new file mode 100644
index 00000000..4f109922
--- /dev/null
+++ b/source/a/slocate/slocate.CVE-2007-0277.diff
@@ -0,0 +1,42 @@
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+ {
+ struct stat path_stat;
+ int ret = 0;
++ char *path_copy = NULL;
+ char *ptr = NULL;
+
+ if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+ if (!S_ISLNK(path_stat.st_mode)) {
+ if (access(path, F_OK) != 0)
+ goto EXIT;
+- } else if ((ptr = rindex(path, '/'))) {
+- *ptr = 0;
+- if (access(path, F_OK) == 0)
+- ret = 1;
+- *ptr = '/';
+- goto EXIT;
+ }
+
++ /* "path" is const, so we shouldn't modify it. Also, for speed,
++ * I suspect strdup/free is less expensive than the deep access
++ * checks... */
++ if (!(path_copy = strdup(path)))
++ goto EXIT;
++
+ ret = 1;
++
++ /* Each directory leading to the file (symlink or not) must be
++ * readable for us to allow it to be listed in search results. */
++ while (ret && (ptr=rindex(path_copy,'/'))) {
++ *ptr=0;
++ if (*path_copy && access(path_copy, R_OK) != 0)
++ ret = 0;
++ }
++ free(path_copy);
++
+ EXIT:
+ return ret;
+ } |
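Review bot: The comment above the new `while` loop in the second utils.c hunk does not record that the check only filters per caller because access() tests the real UID/GID rather than the effective ones. If the binary runs with extra group privilege to read its database (not visible on this page), a later change to stat()-based or effective-ID checks would silently undo this fix, so I would add `/* access() is evaluated with the real UID/GID, i.e. the invoking user, not the privileges the binary runs with. */`. The `*path_copy` guard means the root directory itself is never tested once the copy is reduced to an empty string, which is probably intended but worth stating. A failed strdup() leaves `ret` at 0 and hides the entry, which is the correct fail-closed default and deserves a word in the comment as well. The enclosing function's signature and the statement following the `lstat` test are outside the hunk, so this is based on the visible lines only.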