From: Ivo Raisr
Date: Thu, 11 May 2017 17:00:17 +0000 (+0000)
Subject: Fix a problem when reading .valgrindrc and it is a directory instead of a file.
X-Git-Tag: svn/VALGRIND_3_13_0~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd0cb61caea54103359ff0d8e7c9be4f6431e5b0;p=thirdparty%2Fvalgrind.git

Fix a problem when reading .valgrindrc and it is a directory instead of a file. Fixes BZ#362223.

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16364
---
diff --git a/NEWS b/NEWS
index 261b16f007..04c5760d79 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,7 @@ where XXXXXX is the bug number as listed below.
 358697 valgrind.h: Some code remains even when defining NVALGRIND
 359202 Add musl libc configure/compile
 360429 unhandled ioctl 0x530d with no size/direction hints (CDROMREADMODE1)
+362223 assertion failed when .valgrindrc is a directory instead of a file
 367942 Segfault vgPlain_do_sys_sigaction (m_signals.c:1138)
 368863 WARNING: unhandled arm64-linux syscall: 100 (get_robust_list)
 368865 WARNING: unhandled arm64-linux syscall: 272 (kcmp)
diff --git a/coregrind/m_commandline.c b/coregrind/m_commandline.c
index 9f5fff30e0..bccada7b36 100644
--- a/coregrind/m_commandline.c
+++ b/coregrind/m_commandline.c
@@ -55,8 +55,6 @@ static void add_string ( XArray* /* of HChar* */xa, HChar* str )
 static HChar* read_dot_valgrindrc ( const HChar* dir )
 {
- Int n;
- SysRes fd;
 struct vg_stat stat_buf;
 HChar* f_clo = NULL;
 const HChar dot_valgrindrc[] = ".valgrindrc";
@@ -66,15 +64,18 @@ static HChar* read_dot_valgrindrc ( const HChar* dir )
 HChar filename[VG_(strlen)(dir) + 1 + VG_(strlen)(dot_valgrindrc) + 1];
 VG_(sprintf)(filename, "%s/%s", dir, dot_valgrindrc);
- fd = VG_(open)(filename, 0, VKI_S_IRUSR);
+ SysRes fd = VG_(open)(filename, 0, VKI_S_IRUSR);
 if ( !sr_isError(fd) ) {
 Int res = VG_(fstat)( sr_Res(fd), &stat_buf );
- // Ignore if not owned by current user or world writeable (CVE-2008-4865)
- if (!res && stat_buf.uid == VG_(geteuid)()
- && (!(stat_buf.mode & VKI_S_IWOTH))) {
+ /* Ignore if not owned by the current user, or is not a regular file,
+ or is world writeable (CVE-2008-4865). */
+ if (res == 0
+ && stat_buf.uid == VG_(geteuid)()
+ && (stat_buf.mode & VKI_S_IFREG)
+ && !(stat_buf.mode & VKI_S_IWOTH)) {
 if ( stat_buf.size > 0 ) {
 f_clo = VG_(malloc)("commandline.rdv.1", stat_buf.size+1);
- n = VG_(read)(sr_Res(fd), f_clo, stat_buf.size);
+ Int n = VG_(read)(sr_Res(fd), f_clo, stat_buf.size);
 if (n == -1) n = 0;
 vg_assert(n >= 0 && n <= stat_buf.size+1);
 f_clo[n] = '\0';
@@ -82,8 +83,9 @@ static HChar* read_dot_valgrindrc ( const HChar* dir )
 }
 else
 VG_(message)(Vg_UserMsg,
- "%s was not read as it is either world writeable or not "
- "owned by the current user\n", filename);
+ "%s was not read as it is either not a regular file,\n"
+ " or is world writeable, or is not owned by the current user.\n",
+ filename);
 VG_(close)(sr_Res(fd));
 }
diff --git a/docs/xml/manual-core.xml b/docs/xml/manual-core.xml
index fb9512891c..08a9cb506d 100644
--- a/docs/xml/manual-core.xml
+++ b/docs/xml/manual-core.xml
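Review bot: The `if (n == -1) n = 0;` that follows the new `Int n = VG_(read)(...)` still normalises only a bare -1, so a read failure reported as any other negative value would still reach `vg_assert(n >= 0 && n <= stat_buf.size+1)`, the same assertion this commit is working around for the directory case. If VG_(read) returns negated errno values (which would explain how EISDIR got past the -1 check and into the assert in the first place), `if (n < 0) n = 0;` closes the gap for every error rather than just this one. Separately, `(stat_buf.mode & VKI_S_IFREG)` treats a value of the S_IFMT file-type field as if it were a single flag bit; it does reject directories as intended, and an fd returned by open() cannot be a symlink, but the self-documenting form is `(stat_buf.mode & VKI_S_IFMT) == VKI_S_IFREG`. The enclosing `if ( !sr_isError(fd) )` block begins in this hunk and ends outside it.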
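Review bot: The rewritten message in the `else` branch names three causes, but the branch is also taken when `VG_(fstat)` itself fails (`res != 0` in the preceding condition), where none of the three applies and the real cause is hidden from the user. A separate `if (res != 0)` arm with its own message, or extending this one with `, or could not be stat'ed`, would keep the diagnostic truthful. The `if ( !sr_isError(fd) )` block these lines close starts in the previous hunk.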
@@ -2567,8 +2567,8 @@ precedence over those in
 Please note that the ./.valgrindrc
-file is ignored if it is marked as world writeable or not owned
-by the current user. This is because the
+file is ignored if it is not a regular file, or is marked as world writeable,
+or is not owned by the current user. This is because the
 ./.valgrindrc can contain options that are potentially harmful or can be used by a local attacker to execute code under your user account.