upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-05 14:29:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Adjust unbound-control to make stats_shm a read only operation.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2019-11-20 11:18:03 +01:00
parent c54fe82886
commit 7e3da817c3
2 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -5,6 +5,7 @@
reported by X41 D-Sec.
- Fix Shared Memory World Writeable,
reported by X41 D-Sec.
- Adjust unbound-control to make stats_shm a read only operation.
19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod.

8
smallapp/unbound-control.c
View file

@ -423,19 +423,19 @@ static void print_stats_shm(const char* cfgfile)
if(!config_read(cfg, cfgfile, NULL))
fatal_exit("could not read config file");
/* get shm segments */
id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W);
id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R);
if(id_ctl == -1) {
fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno));
}
id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W);
id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R);
if(id_arr == -1) {
fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
}
shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0);
shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY);
if(shm_stat == (void*)-1) {
fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
}
stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0);
stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY);
if(stats == (void*)-1) {
fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
}