mirrors/SDL
1
0
Fork 0
mirror of https://github.com/libsdl-org/SDL.git synced 2025-10-15 22:35:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix TOCTOU race condition

Browse Source 
Separately checking the state of a file before operating on it may allow
an attacker to modify the file between the two operations. (CWE-367)
Fix by using fstat() instead of stat().
This commit is contained in:
Mingjie Shen
2024-03-08 17:20:29 -05:00
committed by Sam Lantinga
parent cde793b0f5
commit 19b3ddac2f
3 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/audio/SDL_audiodev.c
View File

@@ -48,9 +48,9 @@
static void test_device(const SDL_bool iscapture, const char *fname, int flags, SDL_bool (*test)(int fd))
{
struct stat sb;
if ((stat(fname, &sb) == 0) && (S_ISCHR(sb.st_mode))) {
const int audio_fd = open(fname, flags | O_CLOEXEC, 0);
if (audio_fd >= 0) {
const int audio_fd = open(fname, flags | O_CLOEXEC, 0);
if (audio_fd >= 0) {
if ((fstat(audio_fd, &sb) == 0) && (S_ISCHR(sb.st_mode))) {
const SDL_bool okay = test(audio_fd);
close(audio_fd);
if (okay) {
@@ -65,6 +65,8 @@ static void test_device(const SDL_bool iscapture, const char *fname, int flags,
*/
SDL_AddAudioDevice(iscapture, fname, NULL, (void *)(uintptr_t)dummyhandle);
}
} else {
close(audio_fd);
}
}
}