From fa4b1049078dc6e1a4ec9e897740076e91718ea4 Mon Sep 17 00:00:00 2001
From: Grzegorz Nosek
Date: Sun, 3 Feb 2013 12:55:53 +0100
Subject: Check file permissions even when we get full path over FastCGI
It's not a security issue (executing the file would fail, anyway) but it's a sensible sanity check.
---
 fcgiwrap.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'fcgiwrap.c')
diff --git a/fcgiwrap.c b/fcgiwrap.c
index aeccf3b..4ec75bc 100644
--- a/fcgiwrap.c
+++ b/fcgiwrap.c
@@ -388,6 +388,8 @@ static char *get_cgi_filename(void) /* and fixup environment */
 char *pathinfo = NULL;
 if ((p = getenv("SCRIPT_FILENAME"))) {
+ if (check_file_perms(p) != 0)
+ goto err;
 return strdup(p);
 }
--
cgit v1.2.3
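Review bot: The added `check_file_perms(p)` call on `SCRIPT_FILENAME` reads like an access guard, but it can only be advisory. The path is taken verbatim from the FastCGI environment, and nothing in this hunk confines it to a document root. It is presumably resolved again when the script is executed, so the file checked and the file run are not guaranteed to be the same. The commit message says this is only a sanity check, but the code does not; a comment above the check would record it, e.g. `/* sanity check only: path is supplied by the FastCGI peer and resolved again at exec time */`. The nested unbraced `if` feeding `goto err;` would also be safer braced, so a later added statement cannot fall outside the condition. The `err` label and the rest of get_cgi_filename are outside the hunk, so the cleanup path cannot be confirmed from here.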