Nmap Development mailing list archives

[PATCH] Use access() to fix fileexistsandisreadable()


From: Kris Katterjohn <kjak () ispwest com>
Date: Tue, 05 Sep 2006 13:14:34 -0500

The attached patch fixes fileexistsandisreadable() in nmap.cc by using
access() to test for readability instead of bitwise ANDing the mode and
S_IRUSR. S_IRUSR only tests to see if the FILE's owner has read
permissions, not the PROCESS's owner. By the man-page, access() checks
with the process's uid AND gid, which wasn't attempted before.

stat() is still used to determine if the file is a directory, but the
macro S_ISDIR() is now used instead of bitwise ANDing with S_IFDIR.

The function's comment is also changed to reflect checking to see if
'pathname' is a directory (which was tested but not "documented").

It's a diff against 4.20ALPHA6.

Thanks,
Kris Katterjohn
--- x/nmap.cc   2006-09-02 16:50:41.000000000 -0500
+++ y/nmap.cc   2006-09-05 13:00:31.000000000 -0500
@@ -2276,19 +2276,17 @@ void sigdie(int signo) {
   exit(1);
 }
 
-#ifndef S_IRUSR
-#define S_IRUSR 00400
-#endif
-
-/* Returns true (nonzero) if the file pathname given exists and is
-   readable by the executing process.  Returns zero if it is not */
+/* Returns true (nonzero) if the file pathname given exists, is not
+ * a directory and is readable by the executing process.  Returns
+ * zero if it is not
+ */
 static int fileexistsandisreadable(char *pathname) {
   struct stat st;
 
   if (stat(pathname, &st) == -1)
     return 0;
 
-  if (!(st.st_mode & S_IFDIR) && (st.st_mode & S_IRUSR))
+  if (!S_ISDIR(st.st_mode) && (access(pathname, R_OK) != -1))
     return 1;
 
   return 0;
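Review bot: the `access(pathname, R_OK)` call on the added `if` line checks against the real UID and GID, not the effective ones, so if the binary ever runs setuid or setgid the answer can differ from what a later open() would actually do; the function comment should say which identity "readable by the executing process" refers to. The stat() and access() calls also resolve `pathname` separately, and the file can change before the caller opens it, so the return value is only a hint and the caller's open failure path still has to be handled. The removed `#ifndef S_IRUSR` fallback suggests some build targets lacked that macro, so confirm that access(), R_OK and S_ISDIR() are declared on every supported platform (the hunk shows no include change). Since the function never writes through it, `const char *pathname` would be a better parameter type.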

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
