summaryrefslogtreecommitdiff
path: root/source/a/slocate/slocate.CVE-2007-0277.diff
blob: 4f109922f3dff67dd2e633aab43238c1f65ba918 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
--- slocate-3.1.orig/src/utils.c
+++ slocate-3.1/src/utils.c
@@ -524,6 +524,7 @@
 {
 	struct stat path_stat;
 	int ret = 0;
+	char *path_copy = NULL;
 	char *ptr = NULL;
 
 	if (lstat(path, &path_stat) == -1)
@@ -532,15 +533,25 @@
 	if (!S_ISLNK(path_stat.st_mode)) {
 		if (access(path, F_OK) != 0)
 		    goto EXIT;
-	} else if ((ptr = rindex(path, '/'))) {
-		*ptr = 0;
-		if (access(path, F_OK) == 0)
-		    ret = 1;
-		*ptr = '/';
-		goto EXIT;
 	}
 
+	/* "path" is const, so we shouldn't modify it.  Also, for speed,
+	 * I suspect strdup/free is less expensive than the deep access
+	 * checks... */
+	if (!(path_copy = strdup(path)))
+		goto EXIT;
+
 	ret = 1;
+
+	/* Each directory leading to the file (symlink or not) must be
+	 * readable for us to allow it to be listed in search results. */
+	while (ret && (ptr=rindex(path_copy,'/'))) {
+		*ptr=0;
+		if (*path_copy && access(path_copy, R_OK) != 0)
+		    ret = 0;
+	}
+	free(path_copy);
+
 EXIT:
 	return ret;
 }