Nmap Development mailing list archives

Re: fileexistsandisreadable() is still broken


From: Fyodor <fyodor () insecure org>
Date: Tue, 12 Dec 2006 00:48:27 -0800

On Mon, Dec 11, 2006 at 12:46:48PM -0600, Kris Katterjohn wrote:

This still fails to see if the process can read the file. It still only
tests if the *file*'s owner can read it, not the *process*'s owner.
That's for !WIN32 anyway, I only assume that S_IREAD is equivalent to
S_IRUSR.

Good point.  I think I didn't apply your patch because it didn't work
on Win32.  But I've made adjustments so that it does seem to work on
both platforms, and applied the following patch for the next version:

Index: nbase/nbase.h
===================================================================
--- nbase/nbase.h       (revision 4242)
+++ nbase/nbase.h       (working copy)
@@ -293,6 +293,18 @@
 #define S_ISDIR(m)      (((m) & _S_IFMT) == _S_IFDIR)
 #endif

+/* Windows doesn't have the access() defines */
+#ifndef F_OK
+#define F_OK 00
+#endif
+#ifndef W_OK
+#define W_OK 02
+#endif
+#ifndef R_OK
+#define R_OK 04
+#endif
+
+#define access _access
 #define stat _stat /* wtf was ms thinking? */
 #define execve _execve
 #define getpid _getpid
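
Review bot: `#define access _access` at the end of the added block is an unguarded object-like macro, unlike the `#ifndef`-guarded `F_OK`, `W_OK` and `R_OK` defined just above it, so every `access` token in any file that includes this header on this platform is rewritten, including a struct member, parameter or local variable that happens to be named access. The neighbouring `stat` and `execve` renames have the same property, but a function-like form such as `#define access(p, m) _access((p), (m))` would limit the rename to calls. `X_OK` is left undefined; if that is deliberate, a one-line comment saying so would keep someone from adding it later.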
Index: nmap.cc
===================================================================
--- nmap.cc     (revision 4243)
+++ nmap.cc     (working copy)
@@ -2310,26 +2309,21 @@
   exit(1);
 }

-#ifdef WIN32
-#define STAT_READABLE(st) st.st_mode & S_IREAD
-#else
-#define STAT_READABLE(st) st.st_mode & S_IRUSR
-#endif
-
-/* Returns true (nonzero) if the file pathname given exists, is not
- * a directory and is readable by the executing process.  Returns
- * zero if it is not
+/* Returns true (nonzero) if the file pathname given exists, is not a
+ * directory and is readable by the executing process.  Returns two if
+ * it is readable and is a directory.  Otherwise returns 0.
  */
+
 int fileexistsandisreadable(char *pathname) {
   struct stat st;

   if (stat(pathname, &st) == -1)
     return 0;

-  if (!S_ISDIR(st.st_mode) && STAT_READABLE(st))
+  if (!S_ISDIR(st.st_mode) && (access(pathname, R_OK) != -1))
     return 1;

-  if ((st.st_mode & S_IFDIR) && STAT_READABLE(st))
+  if ((st.st_mode & S_IFDIR) && (access(pathname, R_OK) != -1))
     return 2;

   return 0;
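
Review bot: the updated comment promises "readable by the executing process", but `access(pathname, R_OK)` answers for the real user and group IDs rather than the effective ones, so the two differ when the binary runs setuid or setgid; the comment should state which is meant. The result is also only a snapshot, since the file can change between this check and the later open, so callers still need to handle a failed open. Smaller points: `access()` is called twice with identical arguments and the directory test switches from `S_ISDIR(st.st_mode)` to `st.st_mode & S_IFDIR`; calling `access()` once and then returning `S_ISDIR(st.st_mode) ? 2 : 1` would be shorter and consistent. The first sentence of the comment still says "true (nonzero)" for the non-directory case where the code returns exactly 1, and the added blank line separates the comment from the function it documents.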


Cheers,
Fyodor
