[xiph-commits] r12712 - in trunk/ezstream: . src

moritz at svn.xiph.org moritz at svn.xiph.org
Sat Mar 10 13:23:18 PST 2007 

Author: moritz
Date: 2007-03-10 13:23:15 -0800 (Sat, 10 Mar 2007)
New Revision: 12712

Modified:
   trunk/ezstream/NEWS
   trunk/ezstream/src/metadata.c
   trunk/ezstream/src/playlist.c
Log:
Do not execute group-/world-writeable playlist and metadata scripts.


Modified: trunk/ezstream/NEWS
===================================================================
--- trunk/ezstream/NEWS	2007-03-10 21:18:21 UTC (rev 12711)
+++ trunk/ezstream/NEWS	2007-03-10 21:23:15 UTC (rev 12712)
@@ -7,6 +7,7 @@
  * src/playlist.*:
    - [FIX]   An error compareable to the one about xfree() in src/util.* has
              been fixed.
+   - [MISC]  Refuse to execute a group- or world-writeable playlist script.
 
  * src/compat.c:
    - [ADD]   Implement a basename() function for Windows that behaves like the

Modified: trunk/ezstream/src/metadata.c
===================================================================
--- trunk/ezstream/src/metadata.c	2007-03-10 21:18:21 UTC (rev 12711)
+++ trunk/ezstream/src/metadata.c	2007-03-10 21:23:15 UTC (rev 12712)
@@ -364,6 +364,12 @@
 		metadata_free(&md);
 		return (NULL);
 	}
+	if (st.st_mode & (S_IWGRP | S_IWOTH)) {
+		printf("%s: Error: %s is group and/or world writeable\n",
+		       __progname, program);
+		metadata_free(&md);
+		return (NULL);
+	}
 	if (!(st.st_mode & (S_IEXEC | S_IXGRP | S_IXOTH))) {
 		printf("%s: %s: Not an executable program\n", __progname, program);
 		metadata_free(&md);

Modified: trunk/ezstream/src/playlist.c
===================================================================
--- trunk/ezstream/src/playlist.c	2007-03-10 21:18:21 UTC (rev 12711)
+++ trunk/ezstream/src/playlist.c	2007-03-10 21:23:15 UTC (rev 12712)
@@ -218,6 +218,12 @@
 		playlist_free(&pl);
 		return (NULL);
 	}
+	if (st.st_mode & (S_IWGRP | S_IWOTH)) {
+		printf("%s: Error: %s is group and/or world writeable\n",
+		       __progname, filename);
+		playlist_free(&pl);
+		return (NULL);
+	}
 	if (!(st.st_mode & (S_IEXEC | S_IXGRP | S_IXOTH))) {
 		printf("%s: %s: Not an executable program\n", __progname, filename);
 		playlist_free(&pl);

More information about the commits mailing list