X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ff790e47f2de6f4d6d48148e1d5a67da8e93c446..1ba28e2b955b005ce4825fec792df17f75a8de1e:/src/src/exim_lock.c

diff --git a/src/src/exim_lock.c b/src/src/exim_lock.c
index 9b5b26209..f783a2bcf 100644
--- a/src/src/exim_lock.c
+++ b/src/src/exim_lock.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/exim_lock.c,v 1.2 2005/06/22 15:44:38 ph10 Exp $ */
+/* $Cambridge: exim/src/src/exim_lock.c,v 1.4 2010/05/29 12:11:48 pdp Exp $ */
 
 /* A program to lock a file exactly as Exim would, for investigation of
 interlocking problems.
@@ -183,7 +183,8 @@ BOOL quiet = FALSE;
 BOOL restore_times = FALSE;
 char *filename;
 char *lockname = NULL, *hitchname = NULL;
-char *primary_hostname, *command;
+char *primary_hostname;
+const char *command;
 struct utsname s;
 char buffer[256];
 char tempname[256];
@@ -310,7 +311,8 @@ if (use_lockfile)
 for (j = 0; j < lock_retries; j++)
   {
   int sleep_before_retry = TRUE;
-  struct stat statbuf, ostatbuf;
+  struct stat statbuf, ostatbuf, lstatbuf, statbuf2;
+  int mbx_tmp_oflags;
 
   /* Try to build a lock file if so configured */
 
@@ -329,7 +331,7 @@ for (j = 0; j < lock_retries; j++)
     /* Apply hitching post algorithm. */
 
     if ((rc = link(hitchname, lockname)) != 0) fstat(hd, &statbuf);
-    close(hd);
+    (void)close(hd);
     unlink(hitchname);
 
     if (rc != 0 && statbuf.st_nlink != 2)
@@ -431,7 +433,11 @@ for (j = 0; j < lock_retries; j++)
         }
       }
 
-    md = open(tempname, O_RDWR | O_CREAT, 0600);
+    mbx_tmp_oflags = O_RDWR | O_CREAT;
+#ifdef O_NOFOLLOW
+    mbx_tmp_oflags |= O_NOFOLLOW;
+#endif
+    md = open(tempname, mbx_tmp_oflags, 0600);
     if (md < 0)
       {
       printf("exim_lock: failed to create mbx lock file %s: %s\n",
@@ -439,6 +445,30 @@ for (j = 0; j < lock_retries; j++)
       goto CLEAN_UP;
       }
 
+    /* security fixes from 2010-05 */
+    if (lstat(tempname, &lstatbuf) < 0)
+      {
+      printf("exim_lock: failed to lstat(%s) after opening it: %s\n",
+          tempname, strerror(errno));
+      goto CLEAN_UP;
+      }
+    if (fstat(md, &statbuf2) < 0)
+      {
+      printf("exim_lock: failed to fstat() open fd of \"%s\": %s\n",
+          tempname, strerror(errno));
+      goto CLEAN_UP;
+      }
+    if ((statbuf2.st_nlink > 1) ||
+        (lstatbuf.st_nlink > 1) ||
+        (!S_ISREG(lstatbuf.st_mode)) ||
+        (lstatbuf.st_dev != statbuf2.st_dev) ||
+        (lstatbuf.st_ino != statbuf2.st_ino))
+      {
+      printf("exim_lock: race condition exploited against us when "
+          "locking \"%s\"\n", tempname);
+      goto CLEAN_UP;
+      }
+
     (void)chmod(tempname, 0600);
 
     if (apply_lock(md, F_WRLCK, use_fcntl, lock_fcntl_timeout, use_flock,