libc/lib_remove: fix TOCTOU race condition
Separately checking the state of a file before operating on it may allow
an attacker to modify the file between the two operations.
Reference:
CWE-367
4290aed051/sysdeps/posix/remove.c (L29-L41)
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
parent
dc69b108b8
commit
f5a2741ec2
|
@ -51,25 +51,18 @@
|
||||||
|
|
||||||
int remove(FAR const char *path)
|
int remove(FAR const char *path)
|
||||||
{
|
{
|
||||||
struct stat buf;
|
/* First try to unlink since this is
|
||||||
int ret;
|
* more frequently the necessary action.
|
||||||
|
*/
|
||||||
|
|
||||||
/* Check the kind of object pointed by path */
|
if (unlink(path) != 0 /* If it is indeed a directory... */
|
||||||
|
&& (errno != EPERM /* ...try to remove it. */
|
||||||
ret = stat(path, &buf);
|
|| rmdir(path) != 0))
|
||||||
if (ret != 0)
|
|
||||||
{
|
{
|
||||||
return ret;
|
/* Cannot remove the object for whatever reason. */
|
||||||
|
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Act according to the kind of object */
|
return 0;
|
||||||
|
|
||||||
if (S_ISDIR(buf.st_mode))
|
|
||||||
{
|
|
||||||
return rmdir(path);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return unlink(path);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
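Review bot: The new fallback in `remove()` reaches `rmdir(path)` only when `unlink()` fails with exactly `EPERM`, and nothing on this page shows that this libc's `unlink()` reports a directory that way. The referenced glibc file keeps this test behind an overridable macro because some kernels return `EISDIR` instead. If `unlink()` here can return `EISDIR`, every `remove()` of a directory would now fail with -1, which the old `stat()`-based path did not. Consider accepting both codes, `&& ((errno != EPERM && errno != EISDIR) || rmdir(path) != 0))`, and adding a regression test that removes an empty directory. The remaining gap between `unlink()` and `rmdir()` looks low-risk, since `rmdir()` only removes empty directories, and a one-line comment saying so would record why the two-step sequence is acceptable.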