0001-libpq-Fix-minor-TOCTOU-violation.patch
text/plain
Filename: 0001-libpq-Fix-minor-TOCTOU-violation.patch
Type: text/plain
Part: 0
Message:
libpq minor TOCTOU violation
Patch
Format: format-patch
Series: patch 0001
Subject: libpq: Fix minor TOCTOU violation
| File | + | − |
|---|---|---|
| src/interfaces/libpq/fe-connect.c | 5 | 5 |
From ea68bcefecb79cfb4ee271c82685228cc5084385 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter@eisentraut.org>
Date: Sat, 10 Aug 2024 08:46:32 +0200
Subject: [PATCH] libpq: Fix minor TOCTOU violation
libpq checks the permissions of the password file before opening it.
The way this is done in two separate operations, a static analyzer
would flag as a time-of-check-time-of-use violation. In practice, you
can't do anything with that, but it still seems better style to fix
it.
To fix it, open the file first and then check the permissions on the
opened file handle.
---
src/interfaces/libpq/fe-connect.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 360d9a45476..369bce81b57 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -7463,10 +7463,14 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
port = DEF_PGPORT_STR;
/* If password file cannot be opened, ignore it. */
- if (stat(pgpassfile, &stat_buf) != 0)
+ fp = fopen(pgpassfile, "r");
+ if (fp == NULL)
return NULL;
#ifndef WIN32
+ if (fstat(fileno(fp), &stat_buf) != 0)
+ return NULL;
+
if (!S_ISREG(stat_buf.st_mode))
{
fprintf(stderr,
@@ -7491,10 +7495,6 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
*/
#endif
- fp = fopen(pgpassfile, "r");
- if (fp == NULL)
- return NULL;
-
/* Use an expansible buffer to accommodate any reasonable line length */
initPQExpBuffer(&buf);
--
2.46.0