diff options
| author | Richard Jones <rjones@redhat.com> | 2010-06-04 11:55:54 +0100 |
|---|---|---|
| committer | Richard Jones <rjones@redhat.com> | 2010-06-04 13:53:10 +0100 |
| commit | 74958b0ad44df6ed703cd3009983d04ade3a8e93 (patch) | |
| tree | 1f50857a53de6282cc5edc8b9d3742c72164d150 /daemon | |
| parent | e3befe5a2e85179dcc5a52aa7d74b9cc5f3430ec (diff) | |
| download | libguestfs-74958b0ad44df6ed703cd3009983d04ade3a8e93.tar.gz libguestfs-74958b0ad44df6ed703cd3009983d04ade3a8e93.tar.xz libguestfs-74958b0ad44df6ed703cd3009983d04ade3a8e93.zip | |
touch: Restrict touch to regular files only (RHBZ#582484).
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/file.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/daemon/file.c b/daemon/file.c index 2594207f..98244724 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -34,6 +34,26 @@ do_touch (const char *path) { int fd; int r; + struct stat buf; + + /* RHBZ#582484: Restrict touch to regular files. It's also OK + * here if the file does not exist, since we will create it. + */ + CHROOT_IN; + r = lstat (path, &buf); + CHROOT_OUT; + + if (r == -1) { + if (errno != ENOENT) { + reply_with_perror ("lstat: %s", path); + return -1; + } + } else { + if (! S_ISREG (buf.st_mode)) { + reply_with_error ("%s: touch can only be used on a regular files", path); + return -1; + } + } CHROOT_IN; fd = open (path, O_WRONLY | O_CREAT | O_NOCTTY, 0666); |