Crossfire Mailing List Archive

CF: goto directory fix



Hi,

A dungeon master could crash the server by trying to 'goto' to a
directory.

The patch fixes check_path() and also adds another check in
open_and_uncompress() that can't be fooled by race conditions.

-- 
Jan
diff -rc orig/crossfire-0.95.5-patch8/common/map.c crossfire-0.95.5/common/map.c
*** orig/crossfire-0.95.5-patch8/common/map.c	Wed Mar 22 08:56:47 2000
--- crossfire-0.95.5/common/map.c	Thu Apr 13 16:13:45 2000
***************
*** 183,189 ****
      if (i == NROF_COMPRESS_METHODS)
        return (-1);
      if (!S_ISREG (statbuf.st_mode))
! 	return (0);
  
      if (((statbuf.st_mode & S_IRGRP) && getegid() == statbuf.st_gid) ||
  	((statbuf.st_mode & S_IRUSR) && geteuid() == statbuf.st_uid) ||
--- 183,189 ----
      if (i == NROF_COMPRESS_METHODS)
        return (-1);
      if (!S_ISREG (statbuf.st_mode))
! 	return (-1);
  
      if (((statbuf.st_mode & S_IRGRP) && getegid() == statbuf.st_gid) ||
  	((statbuf.st_mode & S_IRUSR) && geteuid() == statbuf.st_uid) ||
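Review bot: The changed `return (-1);` under `!S_ISREG (statbuf.st_mode)` carries no comment explaining why a non-regular file is now reported with the same value as the `i == NROF_COMPRESS_METHODS` case just above it. I would add `/* directories, FIFOs and devices are not maps: treat them as not found */` above the test. Since this test works on a stat buffer filled before the file is opened, its result can be stale by open time; the same comment should say the check is advisory and that the fstat() in open_and_uncompress() is the authoritative one. The function body starts and ends outside the hunk.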
***************
*** 504,511 ****
        }
        if ((fp = popen(buf2, "r")) != NULL)
          return fp;
!     } else if((fp=fopen(name,"r"))!=NULL)
        return fp;
    }
    LOG(llevDebug, "Can't open %s\n", name);
    return NULL;
--- 504,519 ----
        }
        if ((fp = popen(buf2, "r")) != NULL)
          return fp;
!     } else if((fp=fopen(name,"r"))!=NULL) {
!       struct stat statbuf;
!       if (fstat (fileno (fp), &statbuf) || ! S_ISREG (statbuf.st_mode)) {
!         LOG (llevDebug, "Can't open %s - not a regular file\n", name);
!         (void) fclose (fp);
!         errno = EISDIR;
!         return NULL;
!       }
        return fp;
+     }
    }
    LOG(llevDebug, "Can't open %s\n", name);
    return NULL;
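Review bot: The new `fstat`/`S_ISREG` guard runs only after `fopen(name,"r")` has returned, and opening a FIFO for reading blocks until a writer appears, so a FIFO at that path would stall the caller before the guard is ever reached. Opening with `open()` and `O_NONBLOCK`, checking the descriptor, and only then wrapping it with `fdopen()` closes that gap; this needs an `int fd` local, and the function's declarations are outside the hunk. The `popen` branch above is not covered by the guard either, which may be acceptable but deserves a comment. Separately, `errno = EISDIR` also overwrites fstat()'s own errno when the fstat call itself is what failed.

```c
    } else if ((fd = open (name, O_RDONLY | O_NONBLOCK)) != -1) {
      struct stat statbuf;
      /* Vet the descriptor before any stdio stream exists for it. */
      if (fstat (fd, &statbuf) || ! S_ISREG (statbuf.st_mode)) {
        LOG (llevDebug, "Can't open %s - not a regular file\n", name);
        (void) close (fd);
        errno = EISDIR;
        return NULL;
      }
      if ((fp = fdopen (fd, "r")) != NULL)
        return fp;
      (void) close (fd);
    }
    /* ... unchanged: fall through to the "Can't open" log and return NULL ... */
```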