authorDavid Gwynne <dlg@cvs.openbsd.org>2013-04-23 06:17:08 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2013-04-23 06:17:08 +0000
commitbd97815fd39a53988e14fd7a8e7b9da675d72bef (patch)
tree87439c9a7295daac96a97dbebc1e4dccb0a32162
parent490193004c35cc3b10bdd5fa96d474838a64d7c6 (diff)
use stat to see if ~/.noident is there to avoid reimplementing a security
issue from 1988 when using open. pointed out by deraadt@
-rw-r--r--usr.sbin/identd/identd.c20
1 files changed, 5 insertions, 15 deletions
diff --git a/usr.sbin/identd/identd.c b/usr.sbin/identd/identd.c
index fe639ec90d3..0f136a2a674 100644
--- a/usr.sbin/identd/identd.c
+++ b/usr.sbin/identd/identd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: identd.c,v 1.14 2013/04/23 05:39:32 dlg Exp $ */
+/* $OpenBSD: identd.c,v 1.15 2013/04/23 06:17:07 dlg Exp $ */
/*
* Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
@@ -20,6 +20,7 @@
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
+#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/uio.h>
@@ -405,7 +406,7 @@ void
parent_noident(struct ident_resolver *r, struct passwd *pw)
{
char path[MAXPATHLEN];
- int fd;
+ struct stat st;
int rv;
rv = snprintf(path, sizeof(path), "%s/%s", pw->pw_dir, DOTNOIDENT);
@@ -414,19 +415,8 @@ parent_noident(struct ident_resolver *r, struct passwd *pw)
return;
}
- fd = open(path, O_RDONLY, 0);
- if (fd == -1) {
- switch (errno) {
- case ENOENT:
- case EACCES:
- return; /* not an error */
- default:
- r->error = E_UNKNOWN;
- return;
- }
- }
-
- close(fd);
+ if (stat(path, &st) == -1)
+ return;
r->error = E_HIDDEN;
}
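Review bot: The new check `if (stat(path, &st) == -1) return;` treats every stat() failure as "no ~/.noident", so an unexpected error (anything other than ENOENT or EACCES) now falls through to answering with the user's name, where the removed open() path set `r->error = E_UNKNOWN`. If that fail-open behaviour is not intended, keep the distinction by adding `if (errno != ENOENT && errno != EACCES) r->error = E_UNKNOWN;` before the `return`, with braces around the two statements. stat() also follows symlinks, so the outcome depends on whatever the user's ~/.noident points to; `lstat(path, &st)` would test only the entry in the home directory itself. A one-line comment saying why open() is avoided here would help keep a later change from reintroducing it. parent_noident begins in the previous hunk, so this is based on the visible lines only.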