From a333e683d6b15eafb5a098e581eb7a281b15137c Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Wed, 8 Sep 2010 07:58:15 -0700
Subject: Bug 630096 - (cov#15449,15450) Check return value of stat()

We were not checking the return value of stat() before attempting
to access the structure that stat fille in in the protect_db code.
This patch checks the return value first.
---
 ldap/servers/slapd/protect_db.c | 9 +++++----
 ldap/servers/slapd/protect_db.h | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/slapd/protect_db.c b/ldap/servers/slapd/protect_db.c
index c90c8001..ce113948 100644
--- a/ldap/servers/slapd/protect_db.c
+++ b/ldap/servers/slapd/protect_db.c
@@ -205,10 +205,12 @@ make_sure_dir_exists(char *dir)
         slapdFrontendConfig->localuserinfo != NULL) {
         pw = slapdFrontendConfig->localuserinfo;
         if (chown(dir, pw->pw_uid, -1) == -1) {
-            stat(dir, &stat_buffer);
-            if (stat_buffer.st_uid != pw->pw_uid) {
+            if ((stat(dir, &stat_buffer) == 0) && (stat_buffer.st_uid != pw->pw_uid)) {
                 LDAPDebug(LDAP_DEBUG_ANY, CHOWN_WARNING, dir, 0, 0);
                 return 1;
+            } else {
+                LDAPDebug(LDAP_DEBUG_ANY, STAT_ERROR, dir, errno, 0);
+                return 1;
             }
         }
     }
@@ -242,8 +244,7 @@ add_this_process_to(char *dir_name)
         slapdFrontendConfig->localuserinfo != NULL) {
         pw = slapdFrontendConfig->localuserinfo;
         if (chown(file_name, pw->pw_uid, -1) == -1) {
-            stat(file_name, &stat_buffer);
-            if (stat_buffer.st_uid != pw->pw_uid) {
+            if ((stat(file_name, &stat_buffer) == 0) && (stat_buffer.st_uid != pw->pw_uid)) {
                 LDAPDebug(LDAP_DEBUG_ANY, CHOWN_WARNING, file_name, 0, 0);
             }
         }
diff --git a/ldap/servers/slapd/protect_db.h b/ldap/servers/slapd/protect_db.h
index 1def34c9..bbb5324f 100644
--- a/ldap/servers/slapd/protect_db.h
+++ b/ldap/servers/slapd/protect_db.h
@@ -76,6 +76,9 @@ void remove_slapd_process();
 #define CHOWN_WARNING "Warning - couldn't set the ownership for %s\n"
   /* file name */
 
+#define STAT_ERROR "Error - unable to stat %s (error %d)\n"
+  /* file name, error number */
+
 #define NO_SERVER_DUE_TO_SERVER "Unable to start slapd because it is already running as process %d\n"
   /* pid of running slapd process */
 
-- 
cgit