Opened 16 years ago
Closed 15 years ago
#5288 closed defect (fixed)
HTTPRequest::SendResponseFile file race and negative returns
| Reported by: | Owned by: | Isaac Richards | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.22 |
| Component: | mythtv | Version: | head |
| Severity: | low | Keywords: | |
| Cc: | Ticket locked: | no |
Description
A file race exists in HTTPRequest::SendResponseFile? often termed as "time of check, time of use". The function has a string which should be a file name. That string is used to get the files information with a stat() call. Then (in this case) the file is opened using the same string. A nefarious user could exploit the time in between these two calls to get the function to open whatever file it wants as long as it is still called the same thing by the string since the stat information was retrieved. The second defect is that open() is called but the returned file descriptor is not checked to see if the open() worked. Then the function passes the file descriptor to close(), if it is negative - close()'es behavior is unspecified and might cause crashing.
The patches solution is to do a QFile::open() instead of a QFile::exists() on the file name. And error out if there was a problem. Then use the QFile::size() instead of stat to get the amount of bytes in the file. Finally, the open() call is removed and the file will close when the QFile object goes out of scope.
Attachments (4)
Change History (14)
Changed 16 years ago by
| Attachment: | libs_libmythupnp-negative-returns.patch added |
|---|
Changed 16 years ago by
| Attachment: | libmythupnp-negative-returns.patch added |
|---|
Replaces previous patch as of svn revision #18033
comment:1 Changed 16 years ago by
Note: We used stat throughout MythTV to check on file sizes since QFile::size() used to only return a proper file size for small files.
We should confirm that QFile::size() returns the proper size for large files now (post-Qt4 conversion, large being files >4GB); then, assuming it does, we should systematically replace stat() calls that are solely used for file size checks in MythTV.
comment:2 Changed 16 years ago by
OK, I will attempt to see if I can test whether Qt4 does the right thing with big files. The main problem here is not the use of stat per-se but the use of stat before open. I am willing to rework the patch so that it is open then fstat if that is more agreeable.
Thanks for taking a look.
Changed 16 years ago by
| Attachment: | 5288-v3.patch added |
|---|
comment:3 Changed 16 years ago by
| Milestone: | unknown → 0.22 |
|---|
I checked, and QFileInfo & QFile both handle files larger than 2GB now. I've attached a patch that replaces all includes the upnp fix along with a number of other stat replacements. It needs testing though.
comment:4 Changed 16 years ago by
I have systematically tested the UPnP and preview generator changes, and the other ones roughly (except for the job queue and transcode which I haven't had time for). They all look good to commit!
comment:5 Changed 16 years ago by
comment:6 Changed 16 years ago by
comment:8 Changed 15 years ago by
comment:9 Changed 15 years ago by
comment:10 Changed 15 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
reworks the member function so that it does not have a file race nor a unchecked open() call