[tbb-commits] [tor-browser] 10/14: Bug 1791029 - Deal with lstat potentially lying in nsLocalFileUnix. r=xpcom-reviewers, nika, a=dmeehan

[gitolite role]

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1
in repository tor-browser.

commit a79c58b0f66ef267ac2a4af917b9216fcb04edb8
Author: Emilio Cobos Álvarez <emilio at crisal.io>
AuthorDate: Thu Oct 6 23:29:18 2022 +0000

    Bug 1791029 - Deal with lstat potentially lying in nsLocalFileUnix. r=xpcom-reviewers,nika, a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D158796
---
 xpcom/io/nsLocalFileUnix.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
index 174e7c78d810..97168b02845f 100644
--- a/xpcom/io/nsLocalFileUnix.cpp
+++ b/xpcom/io/nsLocalFileUnix.cpp
@@ -1853,9 +1853,13 @@ nsLocalFile::GetNativeTarget(nsACString& aResult) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
-  if (readlink(mPath.get(), target.BeginWriting(), (size_t)size) < 0) {
+  ssize_t written = readlink(mPath.get(), target.BeginWriting(), size_t(size));
+  if (written < 0) {
     return NSRESULT_FOR_ERRNO();
   }
+  // Target might have changed since the lstat call, or lstat might lie, see bug
+  // 1791029.
+  target.Truncate(written);
 
   nsresult rv = NS_OK;
   nsCOMPtr<nsIFile> self(this);
@@ -1903,12 +1907,13 @@ nsLocalFile::GetNativeTarget(nsACString& aResult) {
       break;
     }
 
-    int32_t linkLen =
+    ssize_t linkLen =
         readlink(flatRetval.get(), newTarget.BeginWriting(), size);
     if (linkLen == -1) {
       rv = NSRESULT_FOR_ERRNO();
       break;
     }
+    newTarget.Truncate(linkLen);
     target = newTarget;
   }
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.