File CVE-2020-28935.patch of Package nsd.15253

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2020-28935.patch of Package nsd.15253

backported from

commit a4caec3137a1bc9eca05d38d66e2bce572ca9bd3
Author: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date:   Mon Nov 23 13:42:51 2020 +0100

- Fix for CVE-2020-28935 : Fix that symlink does not interfere
      with chown of pidfile.

Index: nsd-4.1.27/nsd.c
===================================================================
--- nsd-4.1.27.orig/nsd.c
+++ nsd-4.1.27/nsd.c
@@ -210,24 +210,34 @@ readpid(const char *file)
 int
 writepid(struct nsd *nsd)
 {
-	FILE * fd;
+    int fd;
 	char pidbuf[32];
+    size_t count = 0;
+
+    if(!nsd->pidfile || !nsd->pidfile[0])
+        return 0;
 
 	snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long) nsd->pid);
 
-	if ((fd = fopen(nsd->pidfile, "w")) ==  NULL ) {
+    if((fd = open(nsd->pidfile, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644)) == -1) {
 		log_msg(LOG_ERR, "cannot open pidfile %s: %s",
 			nsd->pidfile, strerror(errno));
 		return -1;
 	}
 
-	if (!write_data(fd, pidbuf, strlen(pidbuf))) {
-		log_msg(LOG_ERR, "cannot write pidfile %s: %s",
-			nsd->pidfile, strerror(errno));
-		fclose(fd);
-		return -1;
-	}
-	fclose(fd);
+    while(count < strlen(pidbuf)) {
+        ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
+        if(r == -1) {
+            if(errno == EAGAIN || errno == EINTR)
+                continue;
+            log_msg(LOG_ERR, "cannot write pidfile %s: %s",
+                nsd->pidfile, strerror(errno));
+            close(fd);
+            return -1;
+        }
+        count += r;
+    }
+	close(fd);
 
 	if (chown(nsd->pidfile, nsd->uid, nsd->gid) == -1) {
 		log_msg(LOG_ERR, "cannot chown %u.%u %s: %s",

Places

File CVE-2020-28935.patch of Package nsd.15253

Places