isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e4f08157b6693b956fe9c7c987bc3eeac1abb2cc
sudo/lib/util/secure_path.c
Todd C. Miller 6ff33922f4 sudo_secure_path: pass the struct stat * argument directly to stat(2) 
Set the pointer to a struct stat on the stack if st is NULL.
Avoids a needless memcpy() at the end.
2022-03-10 20:16:51 -07:00

81 lines
2.3 KiB
C
Raw Blame History

/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2012, 2014-2016 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This is an open source non-commercial project. Dear PVS-Studio, please check it.
* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
*/
#include <config.h>
#include <sys/stat.h>
#include <string.h>
#include "sudo_compat.h"
#include "sudo_util.h"
#include "sudo_debug.h"
/*
* Verify that path is the right type and not writable by other users.
*/
static int
sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, struct stat *sb)
{
struct stat stat_buf;
int ret = SUDO_PATH_MISSING;
debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL);
if (sb == NULL)
sb = &stat_buf;
if (path != NULL && stat(path, sb) == 0) {
if ((sb->st_mode & S_IFMT) != type) {
ret = SUDO_PATH_BAD_TYPE;
} else if (uid != (uid_t)-1 && sb->st_uid != uid) {
ret = SUDO_PATH_WRONG_OWNER;
} else if (sb->st_mode & S_IWOTH) {
ret = SUDO_PATH_WORLD_WRITABLE;
} else if (ISSET(sb->st_mode, S_IWGRP) &&
(gid == (gid_t)-1 || sb->st_gid != gid)) {
ret = SUDO_PATH_GROUP_WRITABLE;
} else {
ret = SUDO_PATH_SECURE;
}
}
debug_return_int(ret);
}
/*
* Verify that path is a regular file and not writable by other users.
*/
int
sudo_secure_file_v1(const char *path, uid_t uid, gid_t gid, struct stat *st)
{
return sudo_secure_path(path, S_IFREG, uid, gid, st);
}
/*
* Verify that path is a directory and not writable by other users.
*/
int
sudo_secure_dir_v1(const char *path, uid_t uid, gid_t gid, struct stat *st)
{
return sudo_secure_path(path, S_IFDIR, uid, gid, st);
}
Reference in New Issue View Git Blame Copy Permalink