Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Nov 2003 11:57:57 +0300 (MSK)
From:      Konstantin Oznobihin <bork@rsu.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/59499: [patch] openFile function opens files for reading and writing instead of reading only
Message-ID:  <200311200857.hAK8vvAf039277@rocky.cc.rsu.ru>
Resent-Message-ID: <200311200900.hAK90YS6090530@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         59499
>Category:       ports
>Synopsis:       [patch] openFile function opens files for reading and writing instead of reading only
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 20 01:00:33 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Konstantin Oznobihin
>Release:        FreeBSD 5.1-RELEASE-p8 i386
>Organization:
Computer Center of Rostov State University
>Environment:
System: FreeBSD  5.1-RELEASE-p8 FreeBSD 5.1-RELEASE-p8 #2: Sat Oct 4 18:24:23 MSD 2003 bork@rsu.ru:/usr/obj/usr/src/sys/KERNEL i386


>Description:
	The XMLPlatformUtils::openFile function opens files with fopen and
	passes it "r+" string as mode argument. This makes(according to
	fopen(3)) it try to open file for reading and writing while it
	should be opened for reading only. As a result you can't
	work with files not owned by you which is rather common case
	for dtd files.
>How-To-Repeat:
	Try "SAX2Pint somefile.xml" where somefile.xml belongs to
	other user and has access rights rw-r--r--.
>Fix:
	Just change mode from "r+" to "r", here is the patch:

--- patch begins here ---
--- xerces-c-src_2_3_0/src/xercesc/util/Platforms/FreeBSD/FreeBSDPlatformUtils.cpp	Wed Nov 12 20:32:33 2003
+++ FreeBSDPlatformUtils.cpp	Wed Nov 12 20:31:16 2003
@@ -298,7 +298,7 @@
 		 XMLExcepts::CPtr_PointerIsZero);
     const char* tmpFileName = XMLString::transcode(fileName, fgMemoryManager);
     ArrayJanitor<char> janText((char*)tmpFileName, fgMemoryManager);
-    FileHandle retVal = (FileHandle)fopen( tmpFileName , "r+" );
+    FileHandle retVal = (FileHandle)fopen( tmpFileName , "r" );
     return retVal;
 }
 
@@ -307,7 +307,7 @@
     if (fileName == NULL)
 	ThrowXML(XMLPlatformUtilsException,
 		 XMLExcepts::CPtr_PointerIsZero);
-    FileHandle retVal = (FileHandle)fopen( fileName , "r+" );
+    FileHandle retVal = (FileHandle)fopen( fileName , "r" );
     return retVal;
 }
 
--- patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311200857.hAK8vvAf039277>