tomasz.sowa/winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

fixed: security vulnerability in 'ln' winix function

Browse Source 
a user could create a hardlink to any file and the new link 
       had user_id, group_id and permissions the same as for new generated files,
       this allowes to overwrite any existing file in the filesystem,
       now user_id, group_id, permissions are the same as from the oryginal file



git-svn-id: svn://ttmath.org/publicrep/winix/trunk@941 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa
2013-12-03 12:33:41 +00:00
parent 375604edd6
commit c04874397b
6 changed files with 82 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/dirs.cpp
View File

@@ -517,7 +517,11 @@ void Dirs::CopyDirTab(const std::vector<Item*> & in, std::vector<Item*> & out)
/*
!! IMPROVE ME
may dir_tab can be empty when link_to is not relative?
and now the algorith doesn't check if link_to is not relative (it only uses dir_tab)
*/
bool Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_to, size_t & i)
{
size_t old_i;