From: Mantas Mikulėnas <grawity@gmail.com>
Date: Fri, 29 Jan 2016 21:36:08 +0000 (+0200)
Subject: basic: fix touch() creating files with 07777 mode
X-Git-Tag: v229.1~1^2~38
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=66362c85779f341b661e45e90ea1ff26f04f1cf2;p=elogind.git

basic: fix touch() creating files with 07777 mode

mode_t is unsigned, so MODE_INVALID < 0 can never be true.

This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/elogind/show-status.
---

diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index b13a9cbea..e895cac4f 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -333,7 +333,8 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi
         if (parents)
                 mkdir_parents(path, 0755);
 
-        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
+        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,
+                        (mode == 0 || mode == MODE_INVALID) ? 0644 : mode);
         if (fd < 0)
                 return -errno;