r1144 - tools/httpup/trunk - crux-commits

4 Apr 2006

Author: jw
Date: 2006-04-04 23:49:20 +0200 (Tue, 04 Apr 2006)
New Revision: 1144

Modified:
   tools/httpup/trunk/ChangeLog
   tools/httpup/trunk/Makefile
   tools/httpup/trunk/fileutils.cpp
Log:
httpup: fix potentially dangerous deltree call


Modified: tools/httpup/trunk/ChangeLog
===================================================================

--- tools/httpup/trunk/ChangeLog	2006-04-04 20:25:18 UTC (rev 1143)
+++ tools/httpup/trunk/ChangeLog	2006-04-04 21:49:20 UTC (rev 1144)
@@ -1,3 +1,7 @@
+* 0.4.0h        04.04.2006	Johannes Winkelmann
+- fix potentially dangerous deltree call (Thanks Martin Koniczek for reporting
+  and debugging)
+
 * 0.4.0g        23.02.2006	Johannes Winkelmann
 - change default timeout to 60s
 - add configuration variable for timeout: operation_timeout
@@ -2,3 +6,3 @@
 
-	* 0.4.0f        22.09.2005	Johannes Winkelmann
+* 0.4.0f        22.09.2005	Johannes Winkelmann
 - remove deflate option again

Modified: tools/httpup/trunk/Makefile
===================================================================
--- tools/httpup/trunk/Makefile	2006-04-04 20:25:18 UTC (rev 1143)
+++ tools/httpup/trunk/Makefile	2006-04-04 21:49:20 UTC (rev 1144)
@@ -5,7 +5,7 @@
 ## Configuration
 #
 NAME=httpup
-VERSION="0.4.0g"
+VERSION="0.4.0h"
 CXX=g++
 CXXFLAGS=-Wall -ansi -pedantic -DMF_VERSION='${VERSION}' 
 LDFLAGS=-lcurl

Modified: tools/httpup/trunk/fileutils.cpp
===================================================================
--- tools/httpup/trunk/fileutils.cpp	2006-04-04 20:25:18 UTC (rev 1143)
+++ tools/httpup/trunk/fileutils.cpp	2006-04-04 21:49:20 UTC (rev 1144)
@@ -42,15 +42,17 @@
             continue;
         }
         struct stat info;
-        stat(entry->d_name, &info);
+        if (stat(entry->d_name, &info) != 0) {
+            return -1;
+        }
+        string pathName = string(directory) + "/" + string(entry->d_name);
         if (S_ISDIR(info.st_mode)) {
-            if (deltree(entry->d_name)) {
+            if (deltree(pathName.c_str())) {
                 ret = -1;
             }
-            rmdir(entry->d_name);
+            rmdir(pathName.c_str());
         } else {
-            string file = string(directory) + "/" + string(entry->d_name);
-            if (unlink(file.c_str())) {
+            if (unlink(pathName.c_str())) {
                 ret = -1;
             }
         }

    

r1144 - tools/httpup/trunk

crux＠crux.nu

tags

participants (1)