if (access(_tt_log_file, F_OK) == 0) {
_tt_process_transaction();
}
+
+ // JET - 06/24/2002 VU#975403/VU#299816 - CERT TT
+ // vulnerability. check for the presence of a
+ // symlink. Abort (nicely) if there.
+
+ if(lstat(_tt_log_file, &buf) != -1)
+ { // present
+ if (S_ISLNK(buf.st_mode))
+ { // it's a symlink. Oops.
+ _tt_syslog(errstr, LOG_ERR,
+ "%s: _tt_log_file is a symlink. Aborting.",
+ here );
+ res.result = -1;
+ res.iserrno = DM_ACCESS_DENIED;
+ return(&res);
+ }
+ }
+
if ((fd = open(_tt_log_file, O_RDWR | O_CREAT, S_IREAD + S_IWRITE))
== -1) {
res.iserrno = DM_WRITE_FAILED;
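Review bot: The added symlink test is a check-then-use sequence: `lstat()` inspects `_tt_log_file`, but the `open(_tt_log_file, O_RDWR | O_CREAT, ...)` on the following context line resolves the path a second time, so the result of the check is not bound to the file that actually gets opened. The property should be enforced by the open itself, e.g. `open(_tt_log_file, O_RDWR | O_CREAT | O_NOFOLLOW, S_IREAD + S_IWRITE)` where the platform provides `O_NOFOLLOW`; otherwise call `fstat(fd, &fbuf)` after the open and reject the descriptor unless `st_dev`/`st_ino` match the earlier `lstat()` result and the file is a regular file. The check also covers only the final path component, so it presumably relies on the containing directory not being writable by other users; a short comment stating that assumption would help. An `lstat()` failure other than "file does not exist" currently falls through silently to the `open()`. The enclosing function starts and ends outside this hunk, so the declaration of `buf` and the rest of the open error path are not visible here.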