20 lines
667 B
Plaintext
20 lines
667 B
Plaintext
$OpenBSD: patch-dcmpstat_apps_dcmprscp_cc,v 1.1 2014/06/04 13:15:17 jasper Exp $
|
|
|
|
Security fix for CVE-2013-6825, DCMTK Root Privilege escalation
|
|
http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
|
|
|
|
--- dcmpstat/apps/dcmprscp.cc.orig Thu Dec 8 16:46:05 2005
|
|
+++ dcmpstat/apps/dcmprscp.cc Wed Jun 4 13:30:31 2014
|
|
@@ -500,7 +500,10 @@ int main(int argc, char *argv[])
|
|
* and run by another user. Running as root user may be
|
|
* potentially disasterous if this program screws up badly.
|
|
*/
|
|
- setuid(getuid());
|
|
+ if ( setuid(getuid()) != 0){
|
|
+ CERR << "Failed to drop privileges";
|
|
+ return -1;
|
|
+ }
|
|
#endif
|
|
|
|
#ifdef HAVE_FORK
|