From 81b4e99b1e1a5a6ac06bcfba1bf4464085ea9688 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 Jul 2020 12:44:19 +0200
Subject: curl: improve the existing file check with -J

Previously a file that isn't user-readable but is user-writable would
not be properly avoided and would get overwritten.

Reported-by: BrumBrum on hackerone
Assisted-by: Jay Satiro
Bug: https://hackerone.com/reports/926638
Closes #5731
---
 lib/memdebug.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'lib/memdebug.c')

diff --git a/lib/memdebug.c b/lib/memdebug.c
index 1c6b15149..da75c9f5d 100644
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -456,6 +456,16 @@ FILE *curl_dbg_fopen(const char *file, const char *mode,
   return res;
 }
 
+FILE *curl_dbg_fdopen(int filedes, const char *mode,
+                      int line, const char *source)
+{
+  FILE *res = fdopen(filedes, mode);
+  if(source)
+    curl_dbg_log("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n",
+                 source, line, filedes, mode, (void *)res);
+  return res;
+}
+
 int curl_dbg_fclose(FILE *file, int line, const char *source)
 {
   int res;
-- 
cgit v1.2.1