File: CVE-2011-1837.patch

ecryptfs-utils 83-4%2Bsqueeze2
Description: fix arbitrary file overwrite via lock counter race condition
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/732628

--- ecryptfs-utils-83.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-83/src/utils/mount.ecryptfs_private.c
@@ -307,25 +307,25 @@
 	 * file, or it's not owned by the current user, append iterator
 	 * until we find a filename we can use.
 	 */
-	while (1) {
-		if (stat(f, &s)==0 && (!S_ISREG(s.st_mode) || s.st_uid!=uid)) {
+	while (i < 50) {
+		if (((fd = open(f, O_RDWR | O_CREAT | O_NOFOLLOW, 0600)) >= 0) &&
+		    (fstat(fd, &s)==0 && (S_ISREG(s.st_mode) && s.st_uid==uid))) {
+			break;
+		} else {
+			if (fd >= 0)
+				close(fd);
 			free(f);
 			if (asprintf(&f, "%s/%s-%s-%s-%d", TMP, FSTYPE, u,
 			    ECRYPTFS_PRIVATE_DIR, i++) < 0) {
 				perror("asprintf");
 				return NULL;
 			}
-		} else {
-			break;
 		}
 	}
-	/* open file for reading and writing */
-	if ((fd = open(f, O_RDWR)) < 0) {
-		/* Could not open it, so try to safely create it */
-		if ((fd = open(f, O_RDWR | O_CREAT | O_EXCL, 0600)) < 0) {
-			perror("open");
-			return NULL;
-		}
+
+	if (fd < 0) {
+		perror("open");
+		return NULL;
 	}
 	flock(fd, LOCK_EX);
 	fh = fdopen(fd, "r+");
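Review bot: In the retry loop's `else` branch, `fd` is closed but keeps its old non-negative value. If the last attempt opens a file that fails the `fstat` regular-file/owner test and `i` reaches 50, the `if (fd < 0)` check after the loop passes and `flock`/`fdopen` run on a closed descriptor. Reset it when closing: `if (fd >= 0) { close(fd); fd = -1; }`. Even with that fix, the post-loop `perror("open")` can print an unrelated `errno`, because the rejection may have come from `fstat` or from the ownership comparison, which sets no `errno` at all; a fixed message for the exhausted-retries case would be clearer. The enclosing function starts and ends outside the hunk.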