Ignore:
Timestamp:
Jun 20, 2008, 8:05:13 AM (12 years ago)
Author:
Sam Hocevar
Message:
  • Avoid a potential shared library attack by never looking for libzzuf in the current directory.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • zzuf/trunk/src/zzuf.c

    r2345 r2461  
    918918    HANDLE pid;
    919919    void *epaddr;
    920 #endif
    921920    int ret;
     921#endif
    922922
    923923#if defined HAVE_FORK
     
    971971
    972972#if defined HAVE_FORK
    973     /* Meaningless but makes sure there is space for everything */
     973    /* Make sure there is space for everything we might do. */
    974974    libpath = malloc(len + strlen(LIBDIR "/.libs/" FILENAME EXTRAINFO) + 1);
    975975    strcpy(libpath, opts->oldargv[0]);
    976976
    977     /* Replace "/path/binaryname" with "/path/.libs/libzzuf.$(EXT)"
    978      *     and "binaryname" with ".libs/libzzuf.$(EXT)"
    979      * Write the result in libpath. */
     977    /* If the binary name contains a '/', we look for a libzzuf in the
     978     * same directory. Otherwise, we only look into the system directory
     979     * to avoid shared library attacks. Write the result in libpath. */
    980980    tmp = strrchr(libpath, '/');
    981     strcpy(tmp ? tmp + 1 : libpath, ".libs/" FILENAME);
    982 
    983     ret = access(libpath, R_OK);
    984     if(ret < 0)
     981    if(tmp)
     982    {
     983        strcpy(tmp + 1, ".libs/" FILENAME);
     984        if(access(libpath, R_OK) < 0)
     985            strcpy(libpath, LIBDIR "/" FILENAME);
     986    }
     987    else
    985988        strcpy(libpath, LIBDIR "/" FILENAME);
    986989
Note: See TracChangeset for help on using the changeset viewer.