DeforaNetworks/zzuf
3
0
Fork 0
Code Releases Activity

* Avoid a potential shared library attack by never looking for libzzuf in

Browse Source 
the current directory.
This commit is contained in:
Sam Hocevar 2008-06-20 06:05:13 +00:00 committed by sam
parent 23271396db
commit 7711565c5d
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/zzuf.c
View File

@ -917,8 +917,8 @@ static int run_process(struct opts *opts, int pipes[][2])
STARTUPINFO sinfo; STARTUPINFO sinfo;
HANDLE pid; HANDLE pid;
void *epaddr; void *epaddr;
#endif
int ret; int ret;
#endif
#if defined HAVE_FORK #if defined HAVE_FORK
/* Fork and launch child */ /* Fork and launch child */
@ -970,18 +970,21 @@ static int run_process(struct opts *opts, int pipes[][2])
setenv("ZZUF_MAXRATIO", buf, 1); setenv("ZZUF_MAXRATIO", buf, 1);
#if defined HAVE_FORK #if defined HAVE_FORK
/* Meaningless but makes sure there is space for everything */ /* Make sure there is space for everything we might do. */
libpath = malloc(len + strlen(LIBDIR "/.libs/" FILENAME EXTRAINFO) + 1); libpath = malloc(len + strlen(LIBDIR "/.libs/" FILENAME EXTRAINFO) + 1);
strcpy(libpath, opts->oldargv[0]); strcpy(libpath, opts->oldargv[0]);
/* Replace "/path/binaryname" with "/path/.libs/libzzuf.$(EXT)" /* If the binary name contains a '/', we look for a libzzuf in the
* and "binaryname" with ".libs/libzzuf.$(EXT)" * same directory. Otherwise, we only look into the system directory
* Write the result in libpath. */ * to avoid shared library attacks. Write the result in libpath. */
tmp = strrchr(libpath, '/'); tmp = strrchr(libpath, '/');
strcpy(tmp ? tmp + 1 : libpath, ".libs/" FILENAME); if(tmp)
{
ret = access(libpath, R_OK); strcpy(tmp + 1, ".libs/" FILENAME);
if(ret < 0) if(access(libpath, R_OK) < 0)
strcpy(libpath, LIBDIR "/" FILENAME);
}
else
strcpy(libpath, LIBDIR "/" FILENAME); strcpy(libpath, LIBDIR "/" FILENAME);
/* OSF1 only */ /* OSF1 only */