openbsd/xenocara
1
0
Fork 0
mirror of https://github.com/openbsd/xenocara.git synced 2025-12-11 19:59:06 +00:00
Code Issues Projects Releases Wiki Activity

Fix CVE-2011-4028: File disclosure vulnerability.

Browse Source 
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.

Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
This commit is contained in:
matthieu
2011-10-18 14:58:36 +00:00
parent 6f33ccac59
commit a05754665a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
xserver/os/utils.c
View File

@@ -337,7 +337,7 @@ LockServer(void)
/*
* Read the pid from the existing file
*/
lfd = open(LockFile, O_RDONLY);
lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
if (lfd < 0) {
unlink(tmp);
FatalError("Can't read lock file %s\n", LockFile);