ariadne
/
pkgconf
3
6
Fork 4
Code Issues 6 Pull Requests 2 Projects Releases 2 Wiki Activity

libpkgconf: use a better check instead of stat() for pkg-config file iteration, avoiding a TOCTOU race condition identified by coverity

pull/116/head
William Pitcock 2017-01-23 12:42:13 -06:00
parent eacc5463c3
commit e87595b3d1
1 changed files with 1 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libpkgconf/pkg.c
View File

@ -16,10 +16,6 @@
#include <libpkgconf/config.h>
#include <libpkgconf/libpkgconf.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
/*
* !doc
*
@ -450,22 +446,14 @@ pkgconf_pkg_scan_dir(pkgconf_client_t *client, const char *path, void *data, pkg
static char filebuf[PKGCONF_BUFSIZE];
pkgconf_pkg_t *pkg;
FILE *f;
#ifdef HAVE_SYS_STAT_H
struct stat st;
#endif
pkgconf_strlcpy(filebuf, path, sizeof filebuf);
pkgconf_strlcat(filebuf, "/", sizeof filebuf);
pkgconf_strlcat(filebuf, dirent->d_name, sizeof filebuf);
#ifdef HAVE_SYS_STAT_H
if (stat(filebuf, &st) == -1)
if (!str_has_suffix(filebuf, PKG_CONFIG_EXT))
continue;
if (!(S_ISREG(st.st_mode)))
continue;
#endif
f = fopen(filebuf, "r");
if (f == NULL)
continue;