author | Christian Grothoff <christian@grothoff.org> | 2016-01-18 20:43:27 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2016-01-18 20:43:27 +0000 |
commit | 1421e4394f01e8167b5b7be67b6f98159895ae4b (patch) | |
tree | 8e40ec801eb699b1edc6c8bb051e2fd14b9c64df | |
parent | 9be469e2eeade6ccdbbd24f99cd37aa424e9afb9 (diff) | |
eliminate stat/fopen race in example
-rw-r--r-- | src/examples/https_fileserver_example.c | 26 |
1 files changed, 19 insertions, 7 deletions
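diff --git a/src/examples/https_fileserver_example.c b/src/examples/https_fileserver_example.c
index fe0c2de7..99ec50b3 100644
--- a/src/examples/https_fileserver_example.c
+++ b/src/examples/https_fileserver_example.c
@@ -125,6 +125,7 @@ http_ahc (void *cls,
 struct MHD_Response *response;
 int ret;
 FILE *file;
+int fd;
 struct stat buf;
 
 if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
@@ -137,12 +138,22 @@ http_ahc (void *cls,
 }
 *ptr = NULL; /* reset when done */
 
-if ( (0 == stat (&url[1], &buf)) &&
-(S_ISREG (buf.st_mode)) )
-file = fopen (&url[1], "rb");
-else
-file = NULL;
-if (file == NULL)
+file = fopen (&url[1], "rb");
+if (NULL != file)
+{
+fd = fileno (file);
+if (-1 == fd)
+return MHD_NO; /* internal error */
+if ( (0 != fstat (fd, &buf)) ||
+(! S_ISREG (buf.st_mode)) )
+{
+/* not a regular file, refuse to serve */
+fclose (file);
+file = NULL;
+}
+}
+
+if (NULL == file)
 {
 response = MHD_create_response_from_buffer (strlen (EMPTY_PAGE),
 (void *) EMPTY_PAGE,
@@ -155,7 +166,7 @@ http_ahc (void *cls,
 response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */
 &file_reader, file,
 &file_free_callback);
-if (response == NULL)
+if (NULL == response)
 {
 fclose (file);
 return MHD_NO;
@@ -166,6 +177,7 @@ http_ahc (void *cls,
 return ret;
 }
 
+
 int
 main (int argc, char *const *argv)
 {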
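Review bot: The early return on `-1 == fd` in the second hunk leaves `file` open, because the stream returned by fopen() is never closed on that path; close it before returning, e.g. `{ fclose (file); return MHD_NO; }`. Separately, the file is now opened before its type is known, so fopen() on a FIFO or device node reachable under the served directory can block the handler or cause side effects before the `S_ISREG` test rejects it; opening with `open()` and `O_NONBLOCK`, then `fstat()` and `fdopen()`, would avoid that. A one-line comment above the new block, such as `/* fstat() the open descriptor so the object checked is the object served */`, would make the reason for the reordering clear to readers of the example. http_ahc begins outside these hunks, so how `url` is validated before `&url[1]` is used cannot be confirmed from here.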