forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commite882bca
committed
libpq: Fix minor TOCTOU violation
libpq checks the permissions of the password file before opening it.The way this is done in two separate operations, a static analyzerwould flag as a time-of-check-time-of-use violation. In practice, youcan't do anything with that, but it still seems better style to fixit.To fix it, open the file first and then check the permissions on theopened file handle.Reviewed-by: Aleksander Alekseev <aleksander@timescale.com>Reviewed-by: Andreas Karlsson <andreas@proxel.se>Discussion:https://www.postgresql.org/message-id/flat/a3356054-14ae-4e7a-acc6-249d19dac20b%40eisentraut.org1 parente3ec9dc commite882bca
1 file changed
+7
-5
lines changedLines changed: 7 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7452 | 7452 | | |
7453 | 7453 | | |
7454 | 7454 | | |
| 7455 | + | |
7455 | 7456 | | |
| 7457 | + | |
7456 | 7458 | | |
7457 | 7459 | | |
7458 | 7460 | | |
| |||
7477 | 7479 | | |
7478 | 7480 | | |
7479 | 7481 | | |
7480 | | - | |
| 7482 | + | |
| 7483 | + | |
7481 | 7484 | | |
7482 | 7485 | | |
7483 | 7486 | | |
| 7487 | + | |
| 7488 | + | |
| 7489 | + | |
7484 | 7490 | | |
7485 | 7491 | | |
7486 | 7492 | | |
| |||
7505 | 7511 | | |
7506 | 7512 | | |
7507 | 7513 | | |
7508 | | - | |
7509 | | - | |
7510 | | - | |
7511 | | - | |
7512 | 7514 | | |
7513 | 7515 | | |
7514 | 7516 | | |
| |||
0 commit comments
Comments
(0)