[tor-commits] [tor-browser] 11/46: Bug 1791029 - Deal with lstat potentially lying in nsLocalFileUnix. r=xpcom-reviewers, nika, a=dmeehan

[gitolite role]

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch base-browser-102.5.0esr-12.0-1
in repository tor-browser.

commit b7cb6cf47cee90eb3c30bb571e6aad31316ad763
Author: Emilio Cobos Álvarez <emilio at crisal.io>
AuthorDate: Thu Oct 6 23:29:18 2022 +0000

    Bug 1791029 - Deal with lstat potentially lying in nsLocalFileUnix. r=xpcom-reviewers,nika, a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D158796
---
 xpcom/io/nsLocalFileUnix.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp
index 410fcc19e435..f4f398993472 100644
--- a/xpcom/io/nsLocalFileUnix.cpp
+++ b/xpcom/io/nsLocalFileUnix.cpp
@@ -1925,9 +1925,13 @@ nsLocalFile::GetNativeTarget(nsACString& aResult) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
-  if (readlink(mPath.get(), target.BeginWriting(), (size_t)size) < 0) {
+  ssize_t written = readlink(mPath.get(), target.BeginWriting(), size_t(size));
+  if (written < 0) {
     return NSRESULT_FOR_ERRNO();
   }
+  // Target might have changed since the lstat call, or lstat might lie, see bug
+  // 1791029.
+  target.Truncate(written);
 
   nsresult rv = NS_OK;
   nsCOMPtr<nsIFile> self(this);
@@ -1975,12 +1979,13 @@ nsLocalFile::GetNativeTarget(nsACString& aResult) {
       break;
     }
 
-    int32_t linkLen =
+    ssize_t linkLen =
         readlink(flatRetval.get(), newTarget.BeginWriting(), size);
     if (linkLen == -1) {
       rv = NSRESULT_FOR_ERRNO();
       break;
     }
+    newTarget.Truncate(linkLen);
     target = newTarget;
   }
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.