Check file permissions even when we get full path over FastCGI

It's not a security issue (executing the file would fail, anyway) but it's a sensible sanity check.
author: Grzegorz Nosek <root@localdomain.pl> 2013-02-03 12:55:53 +0100
committer: Grzegorz Nosek <root@localdomain.pl> 2013-02-03 14:14:00 +0100
commit: fa4b1049078dc6e1a4ec9e897740076e91718ea4 (patch)
tree: e30d1668c5794d5334f858825072ef0b0d9f0960
parent: b9f03e63779df844e7bc52b210de19116ab9d587 (diff)
download: fcgiwrap-fa4b1049078dc6e1a4ec9e897740076e91718ea4.tar.xz
fcgiwrap-fa4b1049078dc6e1a4ec9e897740076e91718ea4.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/fcgiwrap.c b/fcgiwrap.c
index aeccf3b..4ec75bc 100644
--- a/fcgiwrap.c
+++ b/fcgiwrap.c
@@ -388,6 +388,8 @@ static char *get_cgi_filename(void) /* and fixup environment */
 	char *pathinfo = NULL;
 
 	if ((p = getenv("SCRIPT_FILENAME"))) {
+		if (check_file_perms(p) != 0)
+			goto err;
 		return strdup(p);
 	}
author	Grzegorz Nosek <root@localdomain.pl>	2013-02-03 12:55:53 +0100
committer	Grzegorz Nosek <root@localdomain.pl>	2013-02-03 14:14:00 +0100
commit	fa4b1049078dc6e1a4ec9e897740076e91718ea4 (patch)
tree	e30d1668c5794d5334f858825072ef0b0d9f0960
parent	b9f03e63779df844e7bc52b210de19116ab9d587 (diff)
download	fcgiwrap-fa4b1049078dc6e1a4ec9e897740076e91718ea4.tar.xz fcgiwrap-fa4b1049078dc6e1a4ec9e897740076e91718ea4.zip