Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/usr.sbin/lpr/common_source Pull up revision 1.22 (reque...
details: https://anonhg.NetBSD.org/src/rev/554d2c8d9952
branches: netbsd-1-5
changeset: 491396:554d2c8d9952
user: he <he%NetBSD.org@localhost>
date: Thu Apr 26 08:12:47 2001 +0000
description:
Pull up revision 1.22 (requested by wiz):
Fix possible security problem (euid swapout in error handling).
diffstat:
usr.sbin/lpr/common_source/common.c | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diffs (45 lines):
diff -r 6ddc64dd51bc -r 554d2c8d9952 usr.sbin/lpr/common_source/common.c
--- a/usr.sbin/lpr/common_source/common.c Wed Apr 25 14:37:33 2001 +0000
+++ b/usr.sbin/lpr/common_source/common.c Thu Apr 26 08:12:47 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: common.c,v 1.20 2000/04/25 02:34:49 itojun Exp $ */
+/* $NetBSD: common.c,v 1.20.4.1 2001/04/26 08:12:47 he Exp $ */
/*
* Copyright (c) 1983, 1993
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)common.c 8.5 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: common.c,v 1.20 2000/04/25 02:34:49 itojun Exp $");
+__RCSID("$NetBSD: common.c,v 1.20.4.1 2001/04/26 08:12:47 he Exp $");
#endif
#endif /* not lint */
@@ -234,11 +234,12 @@
u_int nitems, arraysz;
seteuid(euid);
- if ((dirp = opendir(SD)) == NULL)
+ dirp = opendir(SD);
+ seteuid(uid);
+ if (dirp == NULL)
return(-1);
if (fstat(dirp->dd_fd, &stbuf) < 0)
goto errdone;
- seteuid(uid);
/*
* Estimate the array size by taking the size of the directory file
@@ -254,8 +255,10 @@
if (d->d_name[0] != 'c' || d->d_name[1] != 'f')
continue; /* daemon control files only */
seteuid(euid);
- if (stat(d->d_name, &stbuf) < 0)
+ if (stat(d->d_name, &stbuf) < 0) {
+ seteuid(uid);
continue; /* Doesn't exist */
+ }
seteuid(uid);
q = (struct queue *)malloc(sizeof(time_t)+strlen(d->d_name)+1);
if (q == NULL)
Home |
Main Index |
Thread Index |
Old Index