Closed Bug 1232942 Opened 9 years ago Closed 8 years ago

[CID 1213980] NSS TOCTOU

Categories

(NSS :: Libraries, defect)

Not set
normal

Tracking

(firefox46 affected)

RESOLVED INVALID

People

(Reporter: franziskus, Unassigned)

Details

(Keywords: coverity, Whiteboard: CID1213980)

os_stat(dbname, &stat_existing) and usage of dbname/file_mode in the following code yield possible TOCTOU.

utilmod.c:503
>    /* get the permissions of the existing file, or use the default */
>    if (!os_stat(dbname, &stat_existing)) {
>        file_mode = stat_existing.st_mode;
>    } else {
>        file_mode = os_open_permissions_default;
>    }
>
>    /* do we really want to use streams here */
>    fd = fopen(dbname, "r");
>    if (fd == NULL) goto loser;
>
>    fd2 = lfopen(dbname2, lfopen_truncate, file_mode);

I don't think this is a problem. At worst something could get the wrong permissions, but if an attacker could modify file permissions, they can do much worse.

I agree with David. Marking this as false positive.

Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Group: crypto-core-security
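
The stat-then-fopen sequence Coverity flags in the report can be written without a check-to-use window by opening the file first and reading its mode from the open descriptor with `fstat()`. The following is an added example, not code from NSS or from this bug; `copy_keep_mode`, `demo` and the temporary file names are hypothetical, and it uses plain POSIX calls in place of NSS's `os_stat` and `lfopen`.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not NSS code (hypothetical names). Copy src to dst and give
 * dst the permission bits of src. The mode comes from fstat() on the
 * descriptor that is then read, so check and use refer to the same file even
 * if the path is replaced in between. Returns 0 on success, -1 on error. */
int copy_keep_mode(const char *src, const char *dst)
{
    struct stat st;
    char buf[4096];
    ssize_t n = -1;
    int out = -1;
    int in = open(src, O_RDONLY);

    if (in < 0)
        return -1;
    if (fstat(in, &st) == 0)
        out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600); /* restrictive first */
    if (out >= 0 && fchmod(out, st.st_mode & 0777) == 0) {   /* ignores umask */
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    }
    close(in);
    if (out >= 0 && close(out) != 0)
        n = -1;
    return n == 0 ? 0 : -1;
}

/* Constructed sample: a 0640 source file; returns dst's mode bits, or -1. */
int demo(void)
{
    char src[] = "/tmp/toctou_src_XXXXXX", dst[] = "/tmp/toctou_dst_XXXXXX";
    struct stat st;
    int rc = -1, s = mkstemp(src), d = mkstemp(dst);

    if (s >= 0 && d >= 0 && write(s, "library=\n", 9) == 9 &&
        fchmod(s, 0640) == 0 && copy_keep_mode(src, dst) == 0 &&
        stat(dst, &st) == 0)
        rc = (int)(st.st_mode & 0777);
    if (s >= 0) { close(s); unlink(src); }
    if (d >= 0) { close(d); unlink(dst); }
    return rc;
}

int main(void) { printf("dst mode: %o\n", (unsigned)demo()); return 0; }
```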