Commit b6d3cb54 authored by Rich Salz's avatar Rich Salz Committed by Rich Salz
Browse files

RT1369: don't do "helpful" access check. 



Don't do access check on destination directory; it breaks when euid/egid
is different from real uid/gid.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
parent b8cba008

apps/ca.c

+5 −16
Original line number Diff line number Diff line
@@ -703,24 +703,13 @@ end_of_options: 
#ifndef OPENSSL_SYS_VMS

        /*

         * outdir is a directory spec, but access() for VMS demands a

         * filename.  In any case, stat(), below, will catch the problem if

         * outdir is not a directory spec, and the fopen() or open() will

         * catch an error if there is no write access.

         *

         * Presumably, this problem could also be solved by using the DEC C

         * routines to convert the directory syntax to Unixly, and give that

         * to access().  However, time's too short to do that just now.

         * filename.  We could use the DEC C routine to convert the

         * directory syntax to Unixly, and give that to app_isdir,

         * but for now the fopen will catch the error if it's not a

         * directory

         */

        if (app_access(outdir, R_OK | W_OK | X_OK) != 0)

        {

            BIO_printf(bio_err, "I am unable to access the %s directory\n",

                       outdir);

            perror(outdir);

            goto end;

        }



        if (app_isdir(outdir) <= 0) {

            BIO_printf(bio_err, "%s need to be a directory\n", outdir);

            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);

            perror(outdir);

            goto end;

        }