bind9/tests
Ondřej Surý 6082274450 Stop isc_file_safecreate from following symlinks
The function existence-checked the target with stat() and then opened
the same path without O_NOFOLLOW, so a symlink at the target path
passed the regular-file test against the link's destination and the
open() that followed truncated and wrote through the link.
rndc-confgen -a is typically run as root and writes the keyfile under
a directory that service accounts may have write access to, so a stray
symlink there would silently redirect the truncate, fchown, and
overwrite to whatever file the link pointed at.

Switch the existence check to lstat() and use S_ISREG() so a symlink's
S_IFLNK mode is detected directly (a plain bitmask of S_IFREG matches
both, since S_IFLNK shares its high bit). Add O_NOFOLLOW to both
open() flag sets to close the lstat/open TOCTOU window. Hardening
against unexpected symlinks on intermediate path components is out of
scope.

Assisted-by: Claude:claude-opus-4-7
2026-04-29 16:56:25 +02:00
bench embed default sanitizer flags in executables 2026-04-05 12:46:38 +03:00
dns Add DTRACE probes to dns_delegdb 2026-04-20 13:14:19 +02:00
include/tests ISC_RUN_TEST_IMPL should use a static declaration 2026-01-28 07:26:04 +11:00
isc Stop isc_file_safecreate from following symlinks 2026-04-29 16:56:25 +02:00
isccfg embed default sanitizer flags in executables 2026-04-05 12:46:38 +03:00
libtest Move zonemgr to own source file 2026-04-08 14:24:17 +02:00
ns embed default sanitizer flags in executables 2026-04-05 12:46:38 +03:00
.gitignore
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00
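
The check-then-open sequence described in the commit message above, as an added C example that is not BIND 9's code. The function names, the exact flag sets and the `EEXIST` error are assumptions, and the `ELOOP` result is Linux behaviour.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes S_IFLNK, lstat(), mkdtemp() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Plain bitmask test: S_IFREG is 0100000 and S_IFLNK is 0120000, so this
 * is nonzero for a symlink's mode as well as for a regular file's. */
int mask_says_regular(mode_t m) { return (m & S_IFREG) != 0; }
/* S_ISREG() compares the whole file-type field, so a symlink is rejected. */
int macro_says_regular(mode_t m) { return S_ISREG(m); }

/* Hypothetical stand-in for a safe create: lstat() examines the link itself,
 * and O_NOFOLLOW makes open() fail if a link appears after the check. */
int safecreate_sketch(const char *path) {
    struct stat sb;
    int flags = O_WRONLY | O_NOFOLLOW;
    if (lstat(path, &sb) == 0) {
        if (!S_ISREG(sb.st_mode)) { errno = EEXIST; return -1; }
        flags |= O_TRUNC;               /* existing regular file */
    } else {
        if (errno != ENOENT) return -1;
        flags |= O_CREAT | O_EXCL;      /* new file */
    }
    return open(path, flags, S_IRUSR | S_IWUSR);
}

/* Constructed scenario in a fresh temp dir: "key" is a symlink to "victim".
 * Returns 0 if both opens are refused and victim keeps its 6 bytes. */
int symlink_scenario(void) {
    char dir[] = "/tmp/safecreate-XXXXXX", victim[64], key[64];
    struct stat sb;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(key, sizeof key, "%s/key", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || close(fd) != 0) return -1;
    if (symlink(victim, key) != 0) return -1;
    int refused = safecreate_sketch(key) == -1;
    int eloop = open(key, O_WRONLY | O_TRUNC | O_NOFOLLOW) == -1 && errno == ELOOP;
    int intact = stat(victim, &sb) == 0 && sb.st_size == 6;
    unlink(key); unlink(victim); rmdir(dir);
    return (refused && eloop && intact) ? 0 : 1;
}

int main(void) { return symlink_scenario(); }
```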