(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/filesystem.c) |
| |
| 1079 | | | create_persconffile_profile(const char *profilename, char **pf_dir_path_return) |
| 1080 | | | { |
| 1081 | | | const char *pf_dir_path; |
| 1082 | | | #ifdef _WIN32 |
| 1083 | | | char *pf_dir_path_copy, *pf_dir_parent_path; |
| 1084 | | | size_t pf_dir_parent_path_len; |
| 1085 | | | #endif |
| 1086 | | | struct stat s_buf; |
| 1087 | | | int ret; |
| 1088 | | | |
| 1089 | | | if (profilename) { |
Event 1:
Skipping " if". profilename evaluates to false.
hide
|
|
| 1090 | | | |
| 1091 | | | |
| 1092 | | | |
| 1093 | | | |
| 1094 | | | pf_dir_path = get_profiles_dir (); |
| 1095 | | | if (ws_stat(pf_dir_path, &s_buf) != 0 && errno == ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
| 1096 | | | ret = ws_mkdir(pf_dir_path, 0755); |
| 1097 | | | if (ret == -1) { |
| 1098 | | | *pf_dir_path_return = g_strdup(pf_dir_path); |
| 1099 | | | return ret; |
| 1100 | | | } |
| 1101 | | | } |
| 1102 | | | } |
| 1103 | | | |
| 1104 | [+] | | pf_dir_path = get_persconffile_dir(profilename); |
 |
| 1105 | | | if (ws_stat(pf_dir_path, &s_buf) != 0 && errno == ENOENT) {
x /usr/include/asm-generic/errno-base.h |
| |
5 | #define ENOENT 2 /* No such file or directory */ |
| |
|
Event 8:
pf_dir_path, which evaluates to g_strdup(...) from filesystem.c:985, is passed to stat() as the first argument. See related event 7.
hide
Event 9:
stat() accesses the file named pf_dir_path, where pf_dir_path is g_strdup(...) from filesystem.c:985. - The same name is used to access a file later, but it is not safe to assume that it will be the same underlying file.
See related event 8.
hide
|
|
| 1106 | | | #ifdef _WIN32 |
| 1107 | | | |
| 1108 | | | |
| 1109 | | | |
| 1110 | | | |
| 1111 | | | |
| 1112 | | | |
| 1113 | | | |
| 1114 | | | |
| 1115 | | | |
| 1116 1125 |  | | [ Lines 1116 to 1125 omitted. ] |
| 1126 | | | |
| 1127 | | | ret = ws_mkdir(pf_dir_parent_path, 0755); |
| 1128 | | | if (ret == -1) { |
| 1129 | | | *pf_dir_path_return = pf_dir_parent_path; |
| 1130 | | | return -1; |
| 1131 | | | } |
| 1132 | | | } |
| 1133 | | | g_free(pf_dir_path_copy); |
| 1134 | | | ret = ws_mkdir(pf_dir_path, 0755); |
| 1135 | | | #else |
| 1136 | | | ret = ws_mkdir(pf_dir_path, 0755); |
Event 11:
pf_dir_path, which evaluates to g_strdup(...) from filesystem.c:985, is passed to mkdir() as the first argument. See related events 7 and 8.
hide
File System Race Condition
The file named pf_dir_path is accessed again. Another process may have changed the file since the access at filesystem.c:1105. For example, an attacker could replace the original file with a link to a file containing important or confidential data. The issue can occur if the highlighted code executes. See related events 9 and 11. Show: All events | Only primary events |
|
| |