Nmap Development mailing list archives
[PATCH] Use access() to fix fileexistsandisreadable()
From: Kris Katterjohn <kjak () ispwest com>
Date: Tue, 05 Sep 2006 13:14:34 -0500
The attached patch fixes fileexistsandisreadable() in nmap.cc by using access() to test for readability instead of bitwise ANDing the mode and S_IRUSR. S_IRUSR only tests to see if the FILE's owner has read permissions, not the PROCESS's owner. By the man-page, access() checks with the process's uid AND gid, which wasn't attempted before. stat() is still used to determine if the file is a directory, but the macro S_ISDIR() is now used instead of bitwise ANDing with S_IFDIR. The function's comment is also changed to reflect checking to see if 'pathname' is a directory (which was tested but not "documented"). It's a diff against 4.20ALPHA6. Thanks, Kris Katterjohn
--- x/nmap.cc 2006-09-02 16:50:41.000000000 -0500 +++ y/nmap.cc 2006-09-05 13:00:31.000000000 -0500 @@ -2276,19 +2276,17 @@ void sigdie(int signo) { exit(1); } -#ifndef S_IRUSR -#define S_IRUSR 00400 -#endif - -/* Returns true (nonzero) if the file pathname given exists and is - readable by the executing process. Returns zero if it is not */ +/* Returns true (nonzero) if the file pathname given exists, is not + * a directory and is readable by the executing process. Returns + * zero if it is not + */ static int fileexistsandisreadable(char *pathname) { struct stat st; if (stat(pathname, &st) == -1) return 0; - if (!(st.st_mode & S_IFDIR) && (st.st_mode & S_IRUSR)) + if (!S_ISDIR(st.st_mode) && (access(pathname, R_OK) != -1)) return 1; return 0;
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] Use access() to fix fileexistsandisreadable() Kris Katterjohn (Sep 05)
- Re: [PATCH] Use access() to fix fileexistsandisreadable() Fyodor (Sep 06)