Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
rpm.9989
safesymlinks.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File safesymlinks.diff of Package rpm.9989
--- ./lib/fsm.c.orig 2018-06-15 11:15:50.320133057 +0000 +++ ./lib/fsm.c 2018-06-15 11:15:56.240118124 +0000 @@ -653,7 +653,7 @@ static int fsmUtime(const char *path, mo return rc; } -static int fsmVerify(const char *path, rpmfi fi, const struct stat *fsb) +static int fsmVerify(const char *path, rpmfi fi) { int rc; int saveerrno = errno; @@ -684,7 +684,7 @@ static int fsmVerify(const char *path, r if (rc) return rc; errno = saveerrno; /* Only permit directory symlinks by target owner and root */ - if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == fsb->st_uid)) + if (S_ISDIR(dsb.st_mode) && (luid == 0 || luid == dsb.st_uid)) return 0; } } else if (S_ISLNK(mode)) { @@ -928,7 +928,7 @@ int rpmPackageFilesInstall(rpmts ts, rpm } /* Assume file does't exist when tmp suffix is in use */ if (!suffix) { - rc = fsmVerify(fpath, fi, &sb); + rc = fsmVerify(fpath, fi); } else { rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT; } --- ./lib/verify.c.orig 2018-06-15 11:16:03.904098773 +0000 +++ ./lib/verify.c 2018-06-15 11:23:42.842941766 +0000 @@ -98,11 +98,8 @@ rpmVerifyAttrs rpmfilesVerify(rpmfiles f struct stat dsb; /* ...if it actually points to a directory */ if (stat(fn, &dsb) == 0 && S_ISDIR(dsb.st_mode)) { - uid_t fuid; /* ...and is by a legit user, to match fsmVerify() behavior */ - if (sb.st_uid == 0 || - (rpmugUid(rpmfilesFUser(fi, ix), &fuid) == 0 && - sb.st_uid == fuid)) { + if (sb.st_uid == 0 || sb.st_uid == dsb.st_uid) { sb = dsb; /* struct assignment */ } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor