Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
redis
redis-CVE-2023-45145.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File redis-CVE-2023-45145.patch of Package redis
From 1119ecae6fd8796fa337df2212f09173ab6c7b0a Mon Sep 17 00:00:00 2001 From: Yossi Gottlieb <yossigo@gmail.com> Date: Wed, 11 Oct 2023 22:45:34 +0300 Subject: [PATCH] Fix issue of listen before chmod on Unix sockets (CVE-2023-45145) Before this commit, Unix socket setup performed chmod(2) on the socket file after calling listen(2). Depending on what umask is used, this could leave the file with the wrong permissions for a short period of time. As a result, another process could exploit this race condition and establish a connection that would otherwise not be possible. We now make sure the socket permissions are set up prior to calling listen(2). --- src/anet.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/anet.c b/src/anet.c index 790ea7e0aca0..64824a23f845 100644 --- a/src/anet.c +++ b/src/anet.c @@ -417,13 +417,16 @@ int anetUnixGenericConnect(char *err, const char *path, int flags) return totlen; } -static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) { +static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) { if (bind(s,sa,len) == -1) { anetSetError(err, "bind: %s", strerror(errno)); close(s); return ANET_ERR; } + if (sa->sa_family == AF_LOCAL && perm) + chmod(((struct sockaddr_un *) sa)->sun_path, perm); + if (listen(s, backlog) == -1) { anetSetError(err, "listen: %s", strerror(errno)); close(s); @@ -467,7 +470,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error; if (anetSetReuseAddr(err,s) == ANET_ERR) goto error; - if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR; + if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR; goto end; } if (p == NULL) { @@ -508,10 +511,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog) memset(&sa,0,sizeof(sa)); sa.sun_family = AF_LOCAL; strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1); - if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR) + if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR) return ANET_ERR; - if (perm) - chmod(sa.sun_path, perm); return s; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor