TeamHepta/SDL
1
0
Fork 0
mirror of https://github.com/libsdl-org/SDL.git synced 2026-03-30 13:51:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix TOCTOU race condition

Browse Source 
Separately checking the state of a file before operating on it may allow
an attacker to modify the file between the two operations. (CWE-367)
Fix by using fstat() instead of stat().
This commit is contained in:
Mingjie Shen
2024-03-08 17:20:29 -05:00
committed by Sam Lantinga
parent cde793b0f5
commit 19b3ddac2f
3 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/joystick/linux/SDL_sysjoystick.c
View File

@@ -417,7 +417,13 @@ static void MaybeAddDevice(const char *path)
return;
}
if (stat(path, &sb) == -1) {
fd = open(path, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
return;
}
if (fstat(fd, &sb) == -1) {
close(fd);
return;
}
@@ -435,11 +441,6 @@ static void MaybeAddDevice(const char *path)
}
}
fd = open(path, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
goto done;
}
#ifdef DEBUG_INPUT_EVENTS
SDL_Log("Checking %s\n", path);
#endif
@@ -507,9 +508,7 @@ static void MaybeAddDevice(const char *path)
}
done:
if (fd >= 0) {
close(fd);
}
close(fd);
SDL_UnlockJoysticks();
}