bug#11100: Racy code in copy.c
From: Philipp Thomas
Subject: bug#11100: Racy code in copy.c
Date: Tue, 27 Mar 2012 14:58:18 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

I'd like to pass on observations from my colleague Neil Brown:
In src/copy.c, copy_reg() is passed "bool *new_dst".
This is 'false' if the file already exists, in which case it attempts to
open the file with O_WRONLY | O_TRUNC | O_BINARY.
If it is 'true', only then does it use O_CREAT (and others).
Somewhere up the call chain - I'm not sure where - new_dst is set if 'stat'
on the file succeeds. The above mentioned code assumes that the file still
exists. This is racy - particularly for NFS where deletions from other
clients can take a while to appear.
Philipp
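
The check-then-open window described in the report, as an added example that is not part of the original message and not coreutils code: `open_dest` mirrors the flag choice the report describes, and `open_dest_retry` shows one possible mitigation, retrying with O_CREAT when the open fails with ENOENT. The function names, the use of O_EXCL, the 0600 mode and the `simulate_race` harness are assumptions made for illustration; O_BINARY is omitted.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flag choice as described in the report: O_CREAT only when new_dst is true.
   O_EXCL is an assumption of this example. */
static int open_dest(const char *path, bool new_dst)
{
    int flags = O_WRONLY | (new_dst ? O_CREAT | O_EXCL : O_TRUNC);
    return open(path, flags, 0600);
}

/* Mitigation sketch: treat ENOENT on a supposedly existing destination as
   "it vanished after the check" and retry once as a new file. */
static int open_dest_retry(const char *path, bool *new_dst)
{
    int fd = open_dest(path, *new_dst);
    if (fd < 0 && errno == ENOENT && !*new_dst) {
        *new_dst = true;
        fd = open_dest(path, true);
    }
    return fd;
}

/* Constructed scenario: the file exists at stat() time and is removed
   before open(). Returns 0 on success, otherwise the errno of the open. */
int simulate_race(const char *path, bool hardened)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    bool new_dst = stat(path, &st) != 0;   /* file exists, so false */
    unlink(path);                          /* stands in for another client */
    fd = hardened ? open_dest_retry(path, &new_dst) : open_dest(path, new_dst);
    int result = fd >= 0 ? 0 : errno;
    if (fd >= 0) { close(fd); unlink(path); }
    return result;
}

int main(void)
{
    printf("unchecked: errno=%d\n", simulate_race("toctou_demo.tmp", false));
    printf("retry:     errno=%d\n", simulate_race("toctou_demo.tmp", true));
    return 0;
}
```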