This is the mail archive of the
binutils@sourceware.cygnus.com
mailing list for the binutils project.
A security patch for bfd
- To: binutils at sourceware dot cygnus dot com
- Subject: A security patch for bfd
- From: "H . J . Lu" <hjl at valinux dot com>
- Date: Sun, 2 Apr 2000 11:31:59 -0700
I thought I had sent the patch enclosed here for
http://cgi.debian.org/cgi-bin/bugreport.cgi?bug=57831
to the binutils mailing list. But I couldn't find it in the archive. It
is in the Linux binutils 2.9.5.0.32. Can I check it in?
Thanks.
--
H.J. Lu (hjl@gnu.org)
--
2000-03-22 H.J. Lu <hjl@gnu.org>
* cache.c (bfd_open_file): Unlink the output file only if
it has non-zero size.
--- ../../../import/binutils/src/bfd/cache.c Mon May 3 00:28:55 1999
+++ ./cache.c Wed Mar 22 14:57:38 2000
@@ -287,8 +287,11 @@ bfd_open_file (abfd)
{
/* Create the file. Unlink it first, for the convenience of
operating systems which worry about overwriting running
- binaries. */
- unlink (abfd->filename);
+ binaries. For security reasons, unlink the output file
+ only if it has none zero size. */
+ struct stat buf;
+ if (stat (abfd->filename, &buf) == 0 && buf.st_size != 0)
+ unlink (abfd->filename);
abfd->iostream = (PTR) fopen (abfd->filename, FOPEN_WB);
abfd->opened_once = true;
}
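Review bot: The new stat() check, the unlink() and the fopen() in bfd_open_file are three separate path-based calls on abfd->filename, so whatever that path names can change between the size check and the open; in the zero-size branch the existing path is then opened with FOPEN_WB without being unlinked. The comment says "For security reasons" but does not name the case being protected, so please spell that out there, including why a zero-size file must be kept, and write "non-zero" instead of "none zero". Also confirm that cache.c already includes <sys/stat.h>, since the hunk uses struct stat and stat() without adding an include.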