Commit a38e1fe0 by Őry Máté

fix symlink vulnerability

parent 682c53d2
......@@ -75,6 +75,10 @@ def notify(url):
olddisplay = os.environ.get("DISPLAY")
try:
file_path = os.path.join(get_temp_dir(), file_name)
if file_already_exists(file_path):
os.remove(file_path)
if file_already_exists(file_path):
raise Exception("Couldn't create file %s as new" % file_path)
with open(file_path, "w") as f:
json.dump(url, f)
......@@ -94,6 +98,23 @@ def notify(url):
os.environ["DISPLAY"] = olddisplay
def file_already_exists(name):
"""Return whether file already exists, create it if not.
Other errors are silently ignored as the file will be reopened anyways.
Creating it is needed to avoid race condition.
"""
try:
fd = os_open(name, O_CREAT | O_EXCL)
except OSError as e:
if e.errno == EEXIST:
return True
else:
close(fd)
return False
def search_display():
"""Search a valid DISPLAY env var in processes
"""
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment