File vlock-2.2.2-security.diff of Package vlock

--- src/process.c	2008-05-18 11:10:54.000000000 +0200
+++ src/process.c	2009-08-02 14:27:15.000000000 +0200
@@ -12,6 +12,7 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>
 #include <signal.h>
 #include <sys/wait.h>
@@ -206,8 +207,16 @@
 
     (void) close_fds(&except_fds);
 
-    (void) setgid(getgid());
-    (void) setuid(getuid());
+    if (setgid(getgid()) < 0) {
+       perror("setgid");
+       exit(errno);
+    }
+    if (setuid(getuid()) < 0) {
+       perror("setuid");
+       exit(errno);
+    }
+
+
 
     if (child->function != NULL) {
       (void) close(status_pipe[1]);
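Review bot: Both new error paths call `exit(errno)` after `perror()`, which may itself change errno, and a raw errno value is an ambiguous exit status for whoever waits on this process. A fixed status is clearer, e.g. `perror("setgid"); _exit(EXIT_FAILURE);` and the same for the setuid branch. `_exit` is suggested because this code appears to run in a forked child (see the close_fds and status_pipe lines), where `exit()` would flush stdio buffers inherited from the parent and run its atexit handlers. The fork is outside the hunk, so confirm that before changing it. The enclosing function starts and ends outside the hunk.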
--- src/script.c	2008-05-18 11:10:54.000000000 +0200
+++ src/script.c	2009-08-02 14:32:04.000000000 +0200
@@ -250,6 +250,7 @@
   if (data == NULL)
     return NULL;
 
+  *data = 0 ;
   if (!create_child(&child)) {
     int errsv = errno;
     free(data);
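Review bot: The added `*data = 0 ;` has no comment saying why it is needed, and its spelling hides that it is a string initialisation. The terminator later in this function is only written when data_length > 0 (the next hunk in this file), so this write is what keeps data a valid empty string when no output is read. Suggest `data[0] = '\0';  /* valid empty string until output is read */`. This assumes the allocation above, which is outside the hunk, is at least one byte.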
@@ -317,7 +318,8 @@
   }
 
   /* Terminate the data string. */
-  data[data_length] = '\0';
+  if (data_length > 0)
+       data[data_length - 1] = '\0';
 
   /* Close the read end of the pipe. */
   (void) close(child.stdout_fd);
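Review bot: `data[data_length - 1] = '\0'` overwrites the last byte that was read instead of appending a terminator, so output that does not end in a newline silently loses its final character. If the old `data[data_length]` write was out of bounds because the buffer is grown to exactly data_length bytes (the read loop is outside the hunk, so this is inferred), the more complete fix is to reserve one extra byte when growing the buffer and keep `data[data_length] = '\0';`. If the truncation is intended, say so in the comment, e.g. `/* Terminate the string by overwriting its final byte (normally the trailing newline). */`. The `if` body should also be braced and indented to match the file's two-space style.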