svn commit: r248650 - stable/9/lib/libc/gen
Jilles Tjoelker
jilles at FreeBSD.org
Sat Mar 23 15:50:35 UTC 2013
Author: jilles
Date: Sat Mar 23 15:50:34 2013
New Revision: 248650
URL: http://svnweb.freebsd.org/changeset/base/248650
Log:
MFC r246641: fts: Use O_DIRECTORY when opening name that might be changed by
attacker.
There are uncommon cases where fts_safe_changedir() may be called with a
non-NULL name that is not "..". Do not block or worse if an attacker put (a
symlink to) a fifo or device where a directory used to be.
Modified:
stable/9/lib/libc/gen/fts.c
Directory Properties:
stable/9/lib/libc/ (props changed)
Modified: stable/9/lib/libc/gen/fts.c
==============================================================================
--- stable/9/lib/libc/gen/fts.c Sat Mar 23 15:11:53 2013 (r248649)
+++ stable/9/lib/libc/gen/fts.c Sat Mar 23 15:50:34 2013 (r248650)
@@ -1147,7 +1147,8 @@ fts_safe_changedir(sp, p, fd, path)
newfd = fd;
if (ISSET(FTS_NOCHDIR))
return (0);
- if (fd < 0 && (newfd = _open(path, O_RDONLY | O_CLOEXEC, 0)) < 0)
+ if (fd < 0 && (newfd = _open(path, O_RDONLY | O_DIRECTORY |
+ O_CLOEXEC, 0)) < 0)
return (-1);
if (_fstat(newfd, &sb)) {
ret = -1;
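Review bot: The _open() call in the fd < 0 branch gains O_DIRECTORY without a comment saying why, and with the _fstat(newfd, &sb) check directly after it the flag can look redundant to a later reader. A short comment above the call, saying that the flag makes the open fail rather than block when the path has been replaced by (a symlink to) a fifo or device, would keep the reasoning from the log message next to the code. The flag also only covers the fd < 0 path: when the caller supplies fd, newfd = fd is used as is, so it is worth confirming that those callers open their descriptor with the same flag.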