https://bugs.openldap.org/show_bug.cgi?id=10150
Issue ID: 10150
Summary: liblber/etest.c calls open with O_CREAT without specifying file mode
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: alan.coopersmith@oracle.com
Target Milestone: ---
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_6/lib... has this call to the open() function:
if (( fd = open( "lber-test", O_WRONLY|O_CREAT|O_TRUNC|O_BINARY ))
Since O_CREAT is specified, there should be a third argument specifying the file permissions for the newly created file, but it is missing here, which may cause the file to be created with permissions based on whatever noise is in the register or stack position the call reads the third argument from on a given platform.
Fortunately, it looks like this code may never be compiled, since it's inside #ifdef HAVE_CONSOLE_H and I can't find anywhere that is set, since it's not in any AC_CONFIG_HEADER checks in the configure.ac file.
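An added example (not OpenLDAP code and not part of the report) showing the form of the call with an explicit mode argument, and using fstat() to check which permission bits result once the process umask is applied. The helper names and the file name `lber-test.example` are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef O_BINARY
#define O_BINARY 0  /* assumption: no text/binary distinction on this platform */
#endif

/* The call as quoted in the report, with no mode argument, for comparison:
 *   fd = open( "lber-test", O_WRONLY|O_CREAT|O_TRUNC|O_BINARY );
 */

/* Hypothetical helper: create or truncate `path`, always passing a mode
 * because O_CREAT is set. Returns the descriptor, or -1 on error. */
static int open_output(const char *path, mode_t mode)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, mode);
}

/* Hypothetical check: create a fresh file and return the permission bits
 * it actually received (requested mode masked by the umask), or -1. */
static int created_perms(const char *path, mode_t mode)
{
    struct stat st;
    int fd, rc;

    (void)unlink(path);  /* the mode only applies to a newly created file */
    fd = open_output(path, mode);
    if (fd < 0)
        return -1;
    rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    mode_t old = umask(022);
    printf("0666 requested: %04o\n", (unsigned)created_perms("lber-test.example", 0666));
    printf("0600 requested: %04o\n", (unsigned)created_perms("lber-test.example", 0600));
    umask(old);
    return 0;
}
```

Building with optimization and `-D_FORTIFY_SOURCE=2` on glibc rejects the two-argument form at compile time when the flags are a constant containing O_CREAT, which is one way to catch this pattern in code that does get compiled.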
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
The HAVE_CONSOLE_H code seems to be from 1998, guessing it should just be removed at this point.
--- Comment #2 from alan.coopersmith@oracle.com ---
It appears the console.h code was used for ancient, pre-UNIX/OSX MacOS, so is likely no longer useful to anyone. In OpenLDAP, that code only appears in libraries/liblber/dtest.c & libraries/liblber/etest.c.
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
  Target Milestone|---                         |2.7.0
          Keywords|needs_review                |

--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
Delete obsolete code, no real bug since this code cannot be reached.
--- Comment #4 from Howard Chu hyc@openldap.org ---
Note that on pre-UNIX MacOS, open() wouldn't use the 3rd argument, so there's no actual bug here.
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org ---
https://git.openldap.org/openldap/openldap/-/merge_requests/672
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|UNCONFIRMED                 |IN_PROGRESS
    Ever confirmed|0                           |1
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|IN_PROGRESS                 |RESOLVED
        Resolution|---                         |FIXED

--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org ---
• 7c55484e by Quanah Gibson-Mount at 2024-01-12T15:11:27+00:00
ITS#10150 - Remove dead code