Fix a problem where remote files could be removed by exploiting race

conditions similar to those reported in CERT's CA-91:10a advisory. Obtained from: Hiroshi NAKANO <nakano@rins.ryukoku.ac.jp> by way of CERT.
1997-07-18 18:33:15 +00:00 · 1997-07-18 18:33:15 +00:00 · fb9108baa9
commit fb9108baa9
parent 3109a91002
1 changed files with 2 additions and 0 deletions
--- a/usr.sbin/lpr/common_source/rmjob.c
+++ b/usr.sbin/lpr/common_source/rmjob.c
@ -191,6 +191,8 @@ process(file)
 	while (getline(cfp)) {
 		switch (line[0]) {
 		case 'U':  /* unlink associated files */
+			if (strchr(line+1, '/') || strncmp(line+1, "df", 2))
+				break;
 			if (from != host)
 				printf("%s: ", host);
 			printf(unlink(line+1) ? "cannot dequeue %s\n" :