Closed
Bug 1232943
Opened 9 years ago
Closed 8 years ago
[CID 749674] NSS TOCTOU
Categories
(NSS :: Libraries, defect)
Tracking
(firefox46 affected)
RESOLVED
INVALID
People
(Reporter: franziskus, Unassigned)
References
Details
(Keywords: coverity, Whiteboard: CID749674)
Possible TOCTOU between stat(path, &sbuf) and open(path, ...) in the following code:
mktemp.c:102
> for (start = trv + 1;; --trv) {
>     char saved;
>     if (trv <= path)
>         break;
>     saved = *trv;
>     if (saved == '/' || saved == '\\') {
>         int rv;
>         *trv = '\0';
>         rv = stat(path, &sbuf);
>         *trv = saved;
>         if (rv)
>             return(0);
>         if (!S_ISDIR(sbuf.st_mode)) {
>             errno = ENOTDIR;
>             return(0);
>         }
>         break;
>     }
> }
>
> for (;;) {
>     if (doopen) {
>         if ((*doopen =
>             open(path, O_CREAT|O_EXCL|O_RDWR|extraFlags, 0600)) >= 0)
>             return(1);
>         if (errno != EEXIST)
>             return(0);
>     }
I don't think this is a problem. Due to the temporarily placed null characters, the calls to stat are never the same as what's passed to open.
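Added example, not part of the bug report and not NSS code: a minimal C sketch of the same shape (stat() the parent directory, then open() the full path with O_CREAT|O_EXCL), showing that when the final name is already occupied, here by a dangling symlink constructed in a scratch directory, the open fails with EEXIST and nothing is created through the link. The function names and the /tmp paths are hypothetical.

```c
#define _XOPEN_SOURCE 700            /* mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same shape as the quoted loop: stat() the parent directory, then create
 * the file itself with O_CREAT|O_EXCL. Returns an fd, or -1 with errno set. */
int create_exclusive(const char *path)
{
    char dir[1024];
    struct stat sbuf;
    const char *slash = strrchr(path, '/');

    if (slash != NULL && slash != path) {
        size_t n = (size_t)(slash - path);
        if (n >= sizeof dir) { errno = ENAMETOOLONG; return -1; }
        memcpy(dir, path, n);
        dir[n] = '\0';
        if (stat(dir, &sbuf) != 0) return -1;
        if (!S_ISDIR(sbuf.st_mode)) { errno = ENOTDIR; return -1; }
    }
    /* The existence test and the creation are one atomic kernel operation. */
    return open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
}

/* Constructed scenario in a private scratch directory: the name is already
 * taken by a dangling symlink. Returns the errno from create_exclusive(),
 * 0 if a file was created anyway, or -1 if the setup failed. */
int errno_when_name_is_symlink(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", name[64], target[64];
    struct stat sbuf;
    int fd, err = 0, created;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/tmpfile", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }
    fd = create_exclusive(name);
    if (fd >= 0) close(fd); else err = errno;
    created = (stat(target, &sbuf) == 0);   /* did open() follow the link? */
    unlink(target); unlink(name); rmdir(dir);
    return created ? 0 : err;
}

int main(void) { printf("%s\n", strerror(errno_when_name_is_symlink())); return 0; }
```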
Reporter, updated 8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Updated 8 years ago
Group: crypto-core-security