tasn pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=fa2ecb3af66500c95af3566103fcebc792e795e1

commit fa2ecb3af66500c95af3566103fcebc792e795e1
Author: Tom Hacohen <t...@stosb.com>
Date:   Sun Oct 4 16:16:04 2015 +0100

    Ecore Con: Fix possible timing attacks.
    
    Gist of it: we stat() the path, and then there's a window between that
    check and the mkdir. We don't really need the check anyway, because we
    just want to mkdir and if the directory exists, just go on and do nothing.
    
    CID 1039559
    CID 1039558
    
    @fix
---
 src/lib/ecore_con/ecore_con_local.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/lib/ecore_con/ecore_con_local.c b/src/lib/ecore_con/ecore_con_local.c
index 2c5ca87..d3d3ada 100644
--- a/src/lib/ecore_con/ecore_con_local.c
+++ b/src/lib/ecore_con/ecore_con_local.c
@@ -219,7 +219,6 @@ ecore_con_local_listen(
    struct linger lin;
    mode_t pmode;
    const char *homedir;
-   struct stat st;
    mode_t mask;
    int socket_unix_len;
    Eina_Bool abstract_socket;
@@ -244,15 +243,21 @@ ecore_con_local_listen(
 #endif
         mask = S_IRUSR | S_IWUSR | S_IXUSR;
         snprintf(buf, sizeof(buf), "%s/.ecore", homedir);
-        if (stat(buf, &st) < 0)
+        if (mkdir(buf, mask) < 0)
           {
-             if (mkdir(buf, mask) < 0) ERR("mkdir '%s' failed", buf);
+             if (errno != EEXIST)
+               {
+                  ERR("mkdir '%s' failed", buf);
+               }
           }
 
         snprintf(buf, sizeof(buf), "%s/.ecore/%s", homedir, svr->name);
-        if (stat(buf, &st) < 0)
+        if (mkdir(buf, mask) < 0)
           {
-             if (mkdir(buf, mask) < 0) ERR("mkdir '%s' failed", buf);
+             if (errno != EEXIST)
+               {
+                  ERR("mkdir '%s' failed", buf);
+               }
           }
 
         if (svr->port < 0)
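Review bot: Both `errno != EEXIST` branches accept an already-existing path without checking what it is, so a regular file, a symlink or a directory owned by another user at `%s/.ecore` or `%s/.ecore/<name>` passes silently and the permissions in `mask` are never applied to it. Where `homedir` comes from is outside the hunk; if it can resolve to a shared directory, this matters more. After each mkdir, consider verifying the result and failing the listen when it does not hold, e.g. `if (lstat(buf, &st) < 0 || !S_ISDIR(st.st_mode) || st.st_uid != getuid() || (st.st_mode & (S_IRWXG | S_IRWXO)))`, which needs the `struct stat st` that the first hunk removes. A genuine mkdir failure is also only logged before execution falls through to the next snprintf, so including `strerror(errno)` in the ERR message would make it diagnosable. The body of ecore_con_local_listen starts and ends outside the hunk.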

-- 

