https://bugs.openldap.org/show_bug.cgi?id=10150

          Issue ID: 10150
           Summary: liblber/etest.c calls open with O_CREAT without
                    specifying file mode
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_6/libraries/liblber/etest.c?ref_type=tags#L86
has this call to the open() function:

if (( fd = open( "lber-test", O_WRONLY|O_CREAT|O_TRUNC|O_BINARY ))

Since O_CREAT is specified, there should be a third argument specifying
the file permissions for the newly created file, but it is missing here,
which may cause the file to be created with permissions based on whatever
noise is in the register or stack position the call reads the third argument
from on a given platform.

Fortunately, it looks like this code may never be compiled, since it's
inside #ifdef HAVE_CONSOLE_H and I can't find anywhere that is set, since
it's not in any AC_CONFIG_HEADER checks in the configure.ac file.
