diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2012-09-26 01:10:42 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 22:51:55 +0200 |
commit | 9664bee729d487bcc0a0bc35859f8e13d5421c75 (patch) | |
tree | b428a16618e36ed864a8d76ea3435e19a452bf90 /source/a/slocate/slocate.CVE-2007-0277.diff | |
parent | 75a4a592e5ccda30715f93563d741b83e0dcf39e (diff) | |
download | current-9664bee729d487bcc0a0bc35859f8e13d5421c75.tar.gz |
Slackware 14.0slackware-14.0
Wed Sep 26 01:10:42 UTC 2012
Slackware 14.0 x86_64 stable is released!
We're perfectionists here at Slackware, so this release has been a long
time a-brewing. But we think you'll agree that it was worth the wait.
Slackware 14.0 combines modern components, ease of use, and flexible
configuration... our "KISS" philosophy demands it.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Thanks to everyone who helped make this happen. The Slackware team, the
upstream developers, and (of course) the awesome Slackware user
community.
Have fun! :-)
Diffstat (limited to 'source/a/slocate/slocate.CVE-2007-0277.diff')
-rw-r--r-- | source/a/slocate/slocate.CVE-2007-0277.diff | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source/a/slocate/slocate.CVE-2007-0277.diff b/source/a/slocate/slocate.CVE-2007-0277.diff new file mode 100644 index 00000000..4f109922 --- /dev/null +++ b/source/a/slocate/slocate.CVE-2007-0277.diff @@ -0,0 +1,42 @@ +--- slocate-3.1.orig/src/utils.c ++++ slocate-3.1/src/utils.c +@@ -524,6 +524,7 @@ + { + struct stat path_stat; + int ret = 0; ++ char *path_copy = NULL; + char *ptr = NULL; + + if (lstat(path, &path_stat) == -1) +@@ -532,15 +533,25 @@ + if (!S_ISLNK(path_stat.st_mode)) { + if (access(path, F_OK) != 0) + goto EXIT; +- } else if ((ptr = rindex(path, '/'))) { +- *ptr = 0; +- if (access(path, F_OK) == 0) +- ret = 1; +- *ptr = '/'; +- goto EXIT; + } + ++ /* "path" is const, so we shouldn't modify it. Also, for speed, ++ * I suspect strdup/free is less expensive than the deep access ++ * checks... */ ++ if (!(path_copy = strdup(path))) ++ goto EXIT; ++ + ret = 1; ++ ++ /* Each directory leading to the file (symlink or not) must be ++ * readable for us to allow it to be listed in search results. */ ++ while (ret && (ptr=rindex(path_copy,'/'))) { ++ *ptr=0; ++ if (*path_copy && access(path_copy, R_OK) != 0) ++ ret = 0; ++ } ++ free(path_copy); ++ + EXIT: + return ret; + } |