Okay, now write_file never trusts symlinks at all, no chance of spelling symlink attack :)

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@360 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
2000-12-02 03:06:37 +00:00 · 2000-12-02 03:06:37 +00:00 · 331fc7a6f4
parent c5174aaef3
commit 331fc7a6f4
2 changed files with 2 additions and 2 deletions
--- a/files.c
+++ b/files.c
@ -327,7 +327,7 @@ int write_file(char *name, int tmp)
    lstat(realname, &st);

    /* Open the file and truncate it.  Trust the symlink. */
-    if ((ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode)) && !tmp) {
+    if (!tmp && (ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode))) {

 	if ((fd = open(realname, O_WRONLY | O_CREAT | O_TRUNC,
 		       S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH |
--- a/po/nano.pot
+++ b/po/nano.pot
@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2000-12-01 21:39-0500\n"
+"POT-Creation-Date: 2000-12-01 22:06-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"