[Date Prev][Date Next] [Chronological] [Thread] [Top]

race condition in servers/slurpd/reject.c function write_reject() (ITS#2009)

To: openldap-its@OpenLDAP.org
Subject: race condition in servers/slurpd/reject.c function write_reject() (ITS#2009)
From: rhafer@suse.de
Date: Mon, 5 Aug 2002 16:43:05 GMT

Full_Name: Ralf Haferkamp
Version: 2.0.25, HEAD
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.95.15.201)


This code contains a race condition

    if ( access( rejfile, F_OK ) < 0 ) {
        /* Doesn't exist - try to create */
        int rjfd;
        if (( rjfd = open( rejfile, O_RDWR | O_APPEND | O_CREAT,
                S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )) < 0 ) {

The file could have been created between access() and open() (e.g. symlink
attack). open should use "O_EXCL".

Prev by Date: RE: Info message for LDAP_SERVER_DOWN in case of SSL/TLS failure (ITS#1995)
Next by Date: Re: Memory leak in SSL binds, OpenLDAP 2.0.23
Index(es):
- Chronological
- Thread