diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2014-09-10 13:14:28 -0700 |
---|---|---|
committer | Jon Larimer <jlarimer@google.com> | 2015-10-20 14:32:00 -0400 |
commit | cccf840917bf0de8b6e61c4ad077add6e2a4225a (patch) | |
tree | aec5b1f8379b14bc4ec524e3444db79ae1fedaf6 | |
parent | 12dfd6176dcbd9206dc05aaceccfe2efd6021739 (diff) | |
download | sqlite-cccf840917bf0de8b6e61c4ad077add6e2a4225a.tar.gz |
Fix world-readable permissions due to sqlite race condition - DO NOT MERGE
Existing code uses umask() to temporarily modify the file permissions for
open(). A race condition can occur where a second thread reads in the
temporary value, saves it, and then restores the file to the temporary value
resulting in world-readable permissions. Backporting a known fix:
http://www.sqlite.org/src/info/6c4c2b7dba
Bug: 15288755
Change-Id: I89779f3a5ba0bec181d6614b29b1e26ea4f4f049
-rw-r--r-- | dist/sqlite3.c | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/dist/sqlite3.c b/dist/sqlite3.c index 46cf812..f95d4ee 100644 --- a/dist/sqlite3.c +++ b/dist/sqlite3.c @@ -25419,11 +25419,7 @@ static struct unix_syscall { aSyscall[13].pCurrent) #endif -#if SQLITE_ENABLE_LOCKING_STYLE { "fchmod", (sqlite3_syscall_ptr)fchmod, 0 }, -#else - { "fchmod", (sqlite3_syscall_ptr)0, 0 }, -#endif #define osFchmod ((int(*)(int,mode_t))aSyscall[14].pCurrent) #if defined(HAVE_POSIX_FALLOCATE) && HAVE_POSIX_FALLOCATE @@ -25448,9 +25444,6 @@ static struct unix_syscall { { "fchown", (sqlite3_syscall_ptr)fchown, 0 }, #define osFchown ((int(*)(int,uid_t,gid_t))aSyscall[20].pCurrent) - { "umask", (sqlite3_syscall_ptr)umask, 0 }, -#define osUmask ((mode_t(*)(mode_t))aSyscall[21].pCurrent) - }; /* End of the overrideable system calls */ /* @@ -25554,20 +25547,20 @@ static const char *unixNextSystemCall(sqlite3_vfs *p, const char *zName){ ** recover the hot journals. */ static int robust_open(const char *z, int f, mode_t m){ - int rc; - mode_t m2; - mode_t origM = 0; - if( m==0 ){ - m2 = SQLITE_DEFAULT_FILE_PERMISSIONS; - }else{ - m2 = m; - origM = osUmask(0); - } - do{ rc = osOpen(z,f,m2); }while( rc<0 && errno==EINTR ); - if( m ){ - osUmask(origM); + int fd; + mode_t m2 = m ? m : SQLITE_DEFAULT_FILE_PERMISSIONS; + do{ + fd = osOpen(z,f,m2); + }while( fd<0 && errno==EINTR ); + if( fd>=0 ){ + if( m!=0 ){ + struct stat statbuf; + if( osFstat(fd, &statbuf)==0 && (statbuf.st_mode&0777)!=m ){ + osFchmod(fd, m); + } + } } - return rc; + return fd; } /* |