File vlock-2.2.2-security.diff of Package vlock
--- src/process.c 2008-05-18 11:10:54.000000000 +0200
+++ src/process.c 2009-08-02 14:27:15.000000000 +0200
@@ -12,6 +12,7 @@
*/
#include <stdio.h>
+#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/wait.h>
@@ -206,8 +207,16 @@
(void) close_fds(&except_fds);
- (void) setgid(getgid());
- (void) setuid(getuid());
+ if (setgid(getgid()) < 0) {
+ perror("setgid");
+ exit(errno);
+ }
+ if (setuid(getuid()) < 0) {
+ perror("setuid");
+ exit(errno);
+ }
+
+
if (child->function != NULL) {
(void) close(status_pipe[1]);
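Review bot: `exit(errno)` after `perror()` in both new error branches can report the wrong status, because `perror()` may change `errno` and an exit status keeps only the low 8 bits, so a failed privilege drop could in principle exit with 0 and look like success. A fixed failure code avoids this: `perror("setgid"); _exit(EXIT_FAILURE);` and the same for the `setuid` branch. This code appears to run in a forked child (it closes descriptors and uses `status_pipe`), where `_exit()` avoids flushing stdio buffers inherited from the parent; the enclosing function starts and ends outside the hunk, so that needs confirming. If `errno` stays in use here, it needs `<errno.h>`, which is not among the includes visible in the first hunk.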
--- src/script.c 2008-05-18 11:10:54.000000000 +0200
+++ src/script.c 2009-08-02 14:32:04.000000000 +0200
@@ -250,6 +250,7 @@
if (data == NULL)
return NULL;
+ *data = 0 ;
if (!create_child(&child)) {
int errsv = errno;
free(data);
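Review bot: The added `*data = 0 ;` has no comment saying why the first byte is cleared, and its purpose only becomes clear from the later terminator change in this file, which writes no NUL when nothing was read. Suggest `data[0] = '\0'; /* empty string if the child produces no output */`. The enclosing function continues outside the hunk.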
@@ -317,7 +318,8 @@
}
/* Terminate the data string. */
- data[data_length] = '\0';
+ if (data_length > 0)
+ data[data_length - 1] = '\0';
/* Close the read end of the pipe. */
(void) close(child.stdout_fd);
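Review bot: The new write `data[data_length - 1] = '\0';` overwrites the last byte that was read, so the returned string silently loses its final character. If the old `data[data_length]` write was out of bounds because the buffer holds exactly `data_length` bytes (the allocation is outside this hunk, so this is inferred), the cleaner fix is to reserve one extra byte when allocating or growing the buffer and keep `data[data_length] = '\0';`. If dropping the final byte is intended, for example a trailing newline, the comment should say so: `/* Terminate the data string; this replaces the final byte read. */`. The `data_length == 0` path now depends on the `*data = 0` initialisation added earlier in this file.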