From 04fe1e187587356f9439e04de34451db9374b447 Mon Sep 17 00:00:00 2001
From: Ralph Castain <rhc@open-mpi.org>
Date: Wed, 20 Aug 2008 15:30:25 +0000
Subject: [PATCH] Avoid using the "access" function for security reasons as per
 its documentation. Also, check to ensure it is a file (and not something
 else) when we are looking for a file

Fixes trac:1272

This commit was SVN r19373.

The following Trac tickets were found above:
  Ticket 1272 --> https://svn.open-mpi.org/trac/ompi/ticket/1272
---
 opal/util/path.c | 64 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 52 insertions(+), 12 deletions(-)

diff --git a/opal/util/path.c b/opal/util/path.c
index 3d3501096d..3ff3d18e75 100644
--- a/opal/util/path.c
+++ b/opal/util/path.c
@@ -25,6 +25,9 @@
 #ifdef HAVE_SHLWAPI_H
 #include <shlwapi.h>
 #endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
 
 #include "opal/util/path.h"
 #include "opal/util/os_path.h"
@@ -174,24 +177,61 @@ char *opal_path_findv(char *fname, int mode, char **envv, char *wrkdir)
 char *opal_path_access(char *fname, char *path, int mode)
 {
     char *fullpath = NULL;
-
+    struct stat buf;
+    
     /* Allocate space for the full pathname. */
-    if( NULL == path ) {
-        fullpath = opal_os_path( false, fname, NULL );
+    if (NULL == path) {
+        fullpath = opal_os_path(false, fname, NULL);
     } else {
-        fullpath = opal_os_path( false, path, fname, NULL );
+        fullpath = opal_os_path(false, path, fname, NULL);
     }
-    if( NULL == fullpath )
+    if (NULL == fullpath)
         return NULL;
-
-    /* Get status on the full path name to check for existance.  Then
-       check the permissions. */
-
-    if (access(fullpath, mode)) {
+    
+    /* first check to see - is this a file or a directory? We
+     * only want files
+     */
+    if (0 != stat(fullpath, &buf)) {
+        /* couldn't stat the path - obviously, this also meets the
+         * existence check, if that was requested
+         */
         free(fullpath);
-        fullpath = NULL;
+        return NULL;
     }
-
+    
+    if (!(S_IFREG & buf.st_mode) &&
+        !(S_IFLNK & buf.st_mode)) {
+        /* this isn't a regular file or a symbolic link, so
+         * ignore it 
+         */
+        free(fullpath);
+        return NULL;
+    }
+    
+    /* check the permissions */
+    if ((X_OK & mode) && !(S_IXUSR & buf.st_mode)) {
+        /* if they asked us to check executable permission,
+         * and that isn't set, then return NULL
+         */
+        free(fullpath);
+        return NULL;
+    }
+    if ((R_OK & mode) && !(S_IRUSR & buf.st_mode)) {
+        /* if they asked us to check read permission,
+         * and that isn't set, then return NULL
+         */
+        free(fullpath);
+        return NULL;
+    }
+    if ((W_OK & mode) && !(S_IWUSR & buf.st_mode)) {
+        /* if they asked us to check write permission,
+         * and that isn't set, then return NULL
+         */
+        free(fullpath);
+        return NULL;
+    }
+    
+    /* must have met all criteria! */
     return fullpath;
 }