From 331fc7a6f45b92ec7ffe51671bf54f938caeab4e Mon Sep 17 00:00:00 2001 From: Chris Allegretta Date: Sat, 2 Dec 2000 03:06:37 +0000 Subject: [PATCH] Okay, now write_file never trusts symlinks at all, no chance of spelling symlink attack :) git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@360 35c25a1d-7b9e-4130-9fde-d3aeb78583b8 --- files.c | 2 +- po/nano.pot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files.c b/files.c index bed3cd31..05d31d87 100644 --- a/files.c +++ b/files.c @@ -327,7 +327,7 @@ int write_file(char *name, int tmp) lstat(realname, &st); /* Open the file and truncate it. Trust the symlink. */ - if ((ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode)) && !tmp) { + if (!tmp && (ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode))) { if ((fd = open(realname, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | diff --git a/po/nano.pot b/po/nano.pot index 8b108fa4..eeabc1c0 100644 --- a/po/nano.pot +++ b/po/nano.pot @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2000-12-01 21:39-0500\n" +"POT-Creation-Date: 2000-12-01 22:06-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" -- 2.39.5