Text  |   XML   |   Visible Warnings:

Irssi : Irssi analysis 1 : File System Race Condition  at dcc-get.c:211

Categories: POSIX.RACE.TOCTTOU CWE:367
Warning ID: 2200.2205
Procedure: sig_dccget_connected
Trace: View
Modified: Wed Sep 2 11:52:18 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/irc/dcc/dcc-get.c
   Enter sig_dccget_connected
 174 void sig_dccget_connected(GET_DCC_REC *dcc) 
 175 {
 176         struct stat statbuf;
 177         char *fname, *tempfname, *str;
 178         int ret, ret_errno, temphandle, old_umask;
 179  
 180         if (!dcc->from_dccserver) {
 181                 if (net_geterror(dcc->handle) != 0) {
 182                         /* error connecting */ 
 183                         signal_emit("dcc error connect", 1, dcc);
 184                         dcc_destroy(DCC(dcc));
 185                         return;
 186                 }
 187  
 188                 g_source_remove(dcc->tagconn);
 189                 dcc->tagconn = -1;
 190         }
 191  
 192         g_free_not_null(dcc->file);
 193         dcc->file = dcc_get_download_path(dcc->arg);
 194  
 195         /* if some plugin wants to change the file name/path here.. */ 
 196         signal_emit("dcc get receive", 1, dcc);
 197  
 198         if (stat(dcc->file, &statbuf) == 0 &&
 199             dcc->get_type == DCC_GET_RENAME) {
 200                 /* file exists, rename.. */ 
true201                 fname = dcc_get_rename_file(dcc->file);
 202                 g_free(dcc->file);
*fname is checked by path name203                 dcc->file = fname;
 204         }
 205  
 206         if (dcc->get_type != DCC_GET_RESUME) {
 207                 int dcc_file_create_mode = octal2dec(settings_get_int("dcc_file_create_mode"));
 208  
 209                 /* we want to overwrite the file, remove it here.
 210                    if it gets created after this, we'll fail. */ 
*dcc->file is checked by path name211                 unlink(dcc->file);     /* File System Race Condition */
Preconditions 
((char*)$param_1)[248] != 0
mainconfig = 0
Postconditions 
*$unknown_527887' is checked by path name
dcc' = $param_1
errno' != 0
fname' = $unknown_527887
next_uniq_id' = next_uniq_id + 1



Change Warning 2200.2205 : File System Race Condition

Priority:
State:
Finding:
Owner:
Note: