[Openvas-commits] r1551 - in trunk/openvas-libnasl: . nasl

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 15 22:51:56 CEST 2008 

Author: timb
Date: 2008-10-15 22:51:54 +0200 (Wed, 15 Oct 2008)
New Revision: 1551

Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
Log:
In the case where lstat reports that the file passed to the fwrite NASL function does not exist, we now open() it with O_EXCL. This prevents the case where a symlink could be slipped in between the fstat() call and the open() because open() didn't guarantee that the file or in our case symlink hadn't been made in the mean time


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2008-10-15 17:56:48 UTC (rev 1550)
+++ trunk/openvas-libnasl/ChangeLog	2008-10-15 20:51:54 UTC (rev 1551)
@@ -1,3 +1,12 @@
+2008-10-15  Tim Brown <timb at nth-dimension.org.uk>
+
+	* nasl/nasl_cmd_exec.c: In the case where lstat reports
+	that the file passed to the fwrite NASL function does not
+	exist, we now open() it with O_EXCL. This prevents the case
+	where a symlink could be slipped in between the fstat() call
+	and the open() because open() didn't guarantee that the file
+	or in our case symlink hadn't been made in the mean time.
+
 2008-10-14  Tim Brown <timb at nth-dimension.org.uk>
 
 	* nasl/nasl_cmd_exec.c: Now closes the file descripter and 

Modified: trunk/openvas-libnasl/nasl/nasl_cmd_exec.c
===================================================================
--- trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-15 17:56:48 UTC (rev 1550)
+++ trunk/openvas-libnasl/nasl/nasl_cmd_exec.c	2008-10-15 20:51:54 UTC (rev 1551)
@@ -253,13 +253,13 @@
       nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
-    fd = open(fname, O_RDONLY, 0600);
+    fd = open(fname, O_RDONLY|O_EXCL, 0600);
     if (fd < 0) {
       nasl_perror(lexic, "fread: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
   } else {
-    fd = open(fname, O_RDONLY, 0600);
+    fd = open(fname, O_RDONLY|O_EXCL, 0600);
     if (fd < 0) {
       nasl_perror(lexic, "fread: %s: possible symlink attack!?! %s\n", fname, strerror(errno));
       return NULL;
@@ -386,7 +386,7 @@
       nasl_perror(lexic, "fwrite: %s: %s\n", fname, strerror(errno));
       return NULL;
     }
-    fd = open(fname, O_WRONLY|O_CREAT, 0600);
+    fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
     if (fd < 0) {
       nasl_perror(lexic, "fwrite: %s: %s\n", fname, strerror(errno));
       return NULL;

More information about the Openvas-commits mailing list