diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-07-27 12:44:19 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-07-28 23:28:40 +0200 |
| commit | 81b4e99b1e1a5a6ac06bcfba1bf4464085ea9688 (patch) | |
| tree | 63f2ee22b9ce47890b95ae4b2f7a7130df5e1ab4 /lib/memdebug.c | |
| parent | 2b6b843bb133b1a2928a82def520084c093076d0 (diff) | |
| download | curl-81b4e99b1e1a5a6ac06bcfba1bf4464085ea9688.tar.gz | |
curl: improve the existing file check with -J
Previously a file that isn't user-readable but is user-writable would
not be properly avoided and would get overwritten.
Reported-by: BrumBrum on hackerone
Assisted-by: Jay Satiro
Bug: https://hackerone.com/reports/926638
Closes #5731
Diffstat (limited to 'lib/memdebug.c')
| -rw-r--r-- | lib/memdebug.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/memdebug.c b/lib/memdebug.c index 1c6b15149..da75c9f5d 100644 --- a/lib/memdebug.c +++ b/lib/memdebug.c @@ -456,6 +456,16 @@ FILE *curl_dbg_fopen(const char *file, const char *mode, return res; } +FILE *curl_dbg_fdopen(int filedes, const char *mode, + int line, const char *source) +{ + FILE *res = fdopen(filedes, mode); + if(source) + curl_dbg_log("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n", + source, line, filedes, mode, (void *)res); + return res; +} + int curl_dbg_fclose(FILE *file, int line, const char *source) { int res; |