16 Nov
2023
16 Nov
'23
8:52 p.m.
alsa-project/alsa-lib pull request #367 was opened from szsam:
Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations. Fix by calling readlink first. If that fails, then path should not be a symbolic link and we call open() followed by fstat(). open() with O_NOFOLLOW will return an error if the file is a symlink.
Request URL : https://github.com/alsa-project/alsa-lib/pull/367 Patch URL : https://github.com/alsa-project/alsa-lib/pull/367.patch Repository URL: https://github.com/alsa-project/alsa-lib