From patchwork Thu Aug 8 19:40:49 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yann Droneaud X-Patchwork-Id: 2841358 Return-Path: X-Original-To: patchwork-linux-rdma@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id CEEA19F271 for ; Thu, 8 Aug 2013 19:53:06 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 8C47620362 for ; Thu, 8 Aug 2013 19:53:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2ABA720375 for ; Thu, 8 Aug 2013 19:53:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752563Ab3HHTw4 (ORCPT ); Thu, 8 Aug 2013 15:52:56 -0400 Received: from smtp24.services.sfr.fr ([93.17.128.84]:16274 "EHLO smtp24.services.sfr.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757968Ab3HHTwz (ORCPT ); Thu, 8 Aug 2013 15:52:55 -0400 Received: from filter.sfr.fr (localhost [127.0.0.1]) by msfrf2401.sfr.fr (SMTP Server) with ESMTP id 4F12A7000044; Thu, 8 Aug 2013 21:42:49 +0200 (CEST) Received: from localhost.localdomain (187.20.90.92.rev.sfr.net [92.90.20.187]) by msfrf2401.sfr.fr (SMTP Server) with ESMTP id CC4FC7000042; Thu, 8 Aug 2013 21:42:48 +0200 (CEST) X-SFR-UUID: 20130808194248836.CC4FC7000042@msfrf2401.sfr.fr Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by localhost.localdomain (8.14.7/8.14.7) with ESMTP id r78JglkD003071; Thu, 8 Aug 2013 21:42:47 +0200 Received: (from ydroneaud@localhost) by localhost.localdomain (8.14.7/8.14.7/Submit) id r78JglNg003070; Thu, 8 Aug 2013 21:42:47 +0200 From: Yann Droneaud To: linux-rdma@vger.kernel.org Cc: Yann Droneaud Subject: [PATCH libibverbs v2 06/11] read_config_file(): check opened file Date: Thu, 8 Aug 2013 21:40:49 +0200 Message-Id: X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: In-Reply-To: References: MIME-Version: 1.0 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Use fstat() to check the parameters of the opened file instead of checking the path. This is basic Time-Of-Check / Time-Of-Use (TOCTOU) issue. Weakness addressed: - CWE-363: Race Condition Enabling Link Following - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition Secure coding: - FIO01-C. Be careful using functions that use file names for identification Signed-off-by: Yann Droneaud --- src/init.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/init.c b/src/init.c index c260628..150adcf 100644 --- a/src/init.c +++ b/src/init.c @@ -246,23 +246,23 @@ static void read_config_file(int conf_dirfd, const char *name) ssize_t len; struct stat buf; - if (fstatat(conf_dirfd, name, &buf, 0)) { - fprintf(stderr, PFX "Warning: couldn't stat config file '%s/%s'.\n", + fd = openat(conf_dirfd, name, O_RDONLY | O_CLOEXEC); + if (fd == -1) { + fprintf(stderr, PFX "Warning: couldn't read config file '%s/%s'.\n", IBV_CONFIG_DIR, name); return; } - if (!S_ISREG(buf.st_mode)) { - fprintf(stderr, PFX "Warning: invalid config file '%s/%s'.\n", + if (fstat(fd, &buf)) { + fprintf(stderr, PFX "Warning: couldn't stat config file '%s/%s'.\n", IBV_CONFIG_DIR, name); - return; + goto out; } - fd = openat(conf_dirfd, name, O_RDONLY | O_CLOEXEC); - if (fd == -1) { - fprintf(stderr, PFX "Warning: couldn't read config file '%s/%s'.\n", + if (!S_ISREG(buf.st_mode)) { + fprintf(stderr, PFX "Warning: invalid config file '%s/%s'.\n", IBV_CONFIG_DIR, name); - return; + goto out; } conf = fdopen(fd, "r" STREAM_CLOEXEC);