From b41a544e20a42413daa0323d2f149e9e34586ccf Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler"
Date: Wed, 25 Mar 2009 10:44:55 -0400
Subject: Fix for CVE-2009-0784: stapusr module-path checking race

* runtime/staprun/staprun_funcs.c (check_path): Save fully canonicalized and checked module path for later loading.
---
 runtime/staprun/staprun_funcs.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'runtime/staprun/staprun_funcs.c')

diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 5e7fa102..e94e5d13 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -269,6 +269,15 @@ check_path(void)
 return -1;
 }
 
+ /* Overwrite the modpath with the canonicalized one, to defeat
+ a possible race between path checking below and somewhat later
+ module loading. */
+ modpath = strdup (module_realpath);
+ if (modpath == NULL) {
+ _perr("allocating memory failed");
+ exit (1);
+ }
+
 /* To make sure the user can't specify something like
 * /lib/modules/`uname -r`/systemtapmod.ko, put a '/' on the
 * end of staplib_dir_realpath. */
-- cgit
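Review bot: Saving the canonical string in `modpath` narrows the race, but the later load still resolves a path name rather than the object that was checked, so the fix holds only if the invoking user cannot change any component of `module_realpath` between this point and module loading. That property presumably comes from the directory check that follows, which lies outside this hunk; the new comment should state it, e.g. `/* Safe only because the checks below confine modpath to directories the caller cannot write. */`, or the module could be opened once and both checked and loaded through that descriptor. Separately, the new failure path calls `exit (1)` while the context line just above reports failure with `return -1;`, and the previous `modpath` value is overwritten without being released (harmless if it points into argv, which the hunk does not show). check_path's body starts and ends outside the hunk.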