blob: afa33211f872b3a815626b7f2a3829aebf7b9109 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From ac4a3682aecb9d6466fea4aebb183b5f8f632905 Mon Sep 17 00:00:00 2001
From: Nikolas Garofil <nikolas@garofil.be>
Date: Thu, 10 Feb 2011 16:20:06 +0100
Subject: [PATCH] Fix security bug in 's getSkillname
---
src/eve.cc | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/eve.cc b/src/eve.cc
index 187a5f4..29b8c45 100644
--- a/src/eve.c
+++ b/src/eve.c
@@ -285,7 +285,8 @@ static char *getSkillname(const char *file, int skillid)
if (!file_exists(file)) {
skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
- writeSkilltree(skilltree, file);
+//2x file_exits() so that someone (malicious?) couldn't create it during during the previous call
+ if (!file_exists(file)) writeSkilltree(skilltree, file);
free(skilltree);
}
--
1.7.0.4
|
GitWeb
