Comment 7 for bug 573108

Revision history for this message
Dan Rosenberg (dan-j-rosenberg) wrote :

I've attached my fix here - I drop privileges to the invoking user before opening configuration files, and regain privileges afterwards.

I also put in checks to prevent a second security-relevant bug, which is a potentially exploitable integer overflow leading to heap corruption by providing a configuration file (or socket) with a very large number of lines, causing several malloc() calls to under-allocate space.