From f1188d8857f2c9773156890d0037296f5361b0bf Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 6 May 2015 14:04:42 +0200
Subject: [PATCH] daemon: harden against race conditions in DELETE

There is a race between checking dump dir accessibility and deleting it
in abrt-server.

Related: #1214457.

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/daemon/abrt-server.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 8c48509..cfdd9b7 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -91,8 +91,16 @@ static int delete_path(const char *dump_dir_name)
         error_msg("Problem directory '%s' has wrong owner or group", dump_dir_name);
         return 400; /*  */
     }
-    if (!dump_dir_accessible_by_uid(dump_dir_name, client_uid))
+
+    struct dump_dir *dd = dd_opendir(dump_dir_name, DD_OPEN_FD_ONLY);
+    if (dd == NULL)
+    {
+        perror_msg("Can't open problem directory '%s'", dump_dir_name);
+        return 400;
+    }
+    if (!dd_accessible_by_uid(dd, client_uid))
     {
+        dd_close(dd);
         if (errno == ENOTDIR)
         {
             error_msg("Path '%s' isn't problem directory", dump_dir_name);
@@ -102,7 +110,16 @@ static int delete_path(const char *dump_dir_name)
         return 403; /* Forbidden */
     }
 
-    delete_dump_dir(dump_dir_name);
+    dd = dd_fdopendir(dd, /*flags:*/ 0);
+    if (dd)
+    {
+        if (dd_delete(dd) != 0)
+        {
+            error_msg("Failed to delete problem directory '%s'", dump_dir_name);
+            dd_close(dd);
+            return 400;
+        }
+    }
 
     return 0; /* success */
 }
-- 
2.1.0