From 3231696f034ffefca20f76f3256856eff218a591 Mon Sep 17 00:00:00 2001
From: Jon Trulson
Date: Sat, 26 May 2012 18:24:31 -0600
Subject: [PATCH] dm_server.C: fix CERT VU#975403/VU#299816

---
 cde/lib/tt/bin/ttdbserverd/dm_server.C | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/cde/lib/tt/bin/ttdbserverd/dm_server.C b/cde/lib/tt/bin/ttdbserverd/dm_server.C
index 63c43ac8..7e550668 100644
--- a/cde/lib/tt/bin/ttdbserverd/dm_server.C
+++ b/cde/lib/tt/bin/ttdbserverd/dm_server.C
@@ -1514,6 +1514,24 @@ _tt_transaction_1(_Tt_transaction_args* args, SVCXPRT * /* transp */)
 if (access(_tt_log_file, F_OK) == 0) {
 _tt_process_transaction();
 }
+
+ // JET - 06/24/2002 VU#975403/VU#299816 - CERT TT
+ // vulnerability. check for the presence of a
+ // symlink. Abort (nicely) if there.
+
+ if(lstat(_tt_log_file, &buf) != -1)
+ { // present
+ if (S_ISLNK(buf.st_mode))
+ { // it's a symlink. Oops.
+ _tt_syslog(errstr, LOG_ERR,
+ "%s: _tt_log_file is a symlink. Aborting.",
+ here );
+ res.result = -1;
+ res.iserrno = DM_ACCESS_DENIED;
+ return(&res);
+ }
+ }
+
 if ((fd = open(_tt_log_file, O_RDWR | O_CREAT, S_IREAD + S_IWRITE)) == -1) {
 res.iserrno = DM_WRITE_FAILED;
-- 
2.25.1
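Review bot: The added `lstat()`/`S_ISLNK` test and the `open()` that follows it are two separate lookups of `_tt_log_file`, so a link that appears at that path between the two calls is still followed; the check narrows the window but does not close it. Where the platform provides it, put the refusal into the open itself, `open(_tt_log_file, O_RDWR | O_CREAT | O_NOFOLLOW, S_IREAD + S_IWRITE)`, and map the resulting `ELOOP` to the same `DM_ACCESS_DENIED` return; an `fstat()` on the returned descriptor can then confirm it is a regular file. The `access(_tt_log_file, F_OK)` context line just above has the same check-then-use shape. `buf`, `errstr` and `here` are not declared in this hunk, so they presumably exist earlier in `_tt_transaction_1`, whose body starts and ends outside it.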