Ticket #4822: libs_libmyth_mythcdrom-linux.cpp-guard-against-file-race-in.patch

File libs_libmyth_mythcdrom-linux.cpp-guard-against-file-race-in.patch, 1.6 KB (added by Erik Hovland <erik@…>, 13 years ago)

moves the open call up and does an fstat instead of stat

  • libs/libmyth/mythcdrom-linux.cpp

    The member function does a stat on a filename and then does an
    
    From: Erik Hovland <erik@hovland.org>
    
    open on that file name. It is possible for a user who is
    trying to do something bad to exploit the time between
    these two calls to do something else with the file associated
    with the file name
    ---
    
     libs/libmyth/mythcdrom-linux.cpp |   16 +++++++++-------
     1 files changed, 9 insertions(+), 7 deletions(-)
    
    diff --git a/libs/libmyth/mythcdrom-linux.cpp b/libs/libmyth/mythcdrom-linux.cpp
    index afdae44..ae304d4 100644
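--- a/libs/libmyth/mythcdrom-linux.cpp
+++ b/libs/libmyth/mythcdrom-linux.cpp
@@ -637,8 +637,15 @@ void MythCDROMLinux::setSpeed(int speed)
     memset(cmd, 0, sizeof(cmd));
     memset(&st, 0, sizeof(st));
 
-    if (stat(m_DevicePath, &st) == -1)
+    if ((fd = open(m_DevicePath, O_RDWR | O_NONBLOCK)) == -1)
+    {
+        VERBOSE(VB_MEDIA, LOC_ERR + "Changing CD/DVD speed needs write access");
+        return;
+    }
+
+    if (fstat(fd, &st) == -1)
     {
+        close(fd);
         VERBOSE(VB_MEDIA, LOC_ERR +
                 QString("setSpeed() Failed. device %1 not found")
                 .arg(m_DevicePath));
@@ -647,16 +654,11 @@ void MythCDROMLinux::setSpeed(int speed)
 
     if (!S_ISBLK(st.st_mode))
     {
+        close(fd);
         VERBOSE(VB_MEDIA, LOC_ERR + "setSpeed() Failed. Not a block device");
         return;
     }
 
-    if ((fd = open(m_DevicePath, O_RDWR | O_NONBLOCK)) == -1)
-    {
-        VERBOSE(VB_MEDIA, LOC_ERR + "Changing CD/DVD speed needs write access");
-        return;
-    }
-
     if (speed < 0)
         speed = -1;
 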
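Review bot: With open() moved ahead of the checks, every open failure, including a missing device node (ENOENT), is now logged as "Changing CD/DVD speed needs write access", while the "device %1 not found" message sits on the fstat() branch, which is unlikely to fail once the descriptor is valid. The log should name the real cause, for example by reporting errno on the open branch: `VERBOSE(VB_MEDIA, LOC_ERR + QString("setSpeed() Failed. Cannot open %1: %2").arg(m_DevicePath).arg(strerror(errno)));`. Each early return now needs its own `close(fd)`, so a single cleanup point or a small scope guard would keep a later return from leaking the descriptor. Whether the paths after `if (speed < 0)` close it cannot be checked here, because setSpeed() starts and ends outside the hunks.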