From ff55c761749539e0fd759db0a7f8a9c0efed8588 Mon Sep 17 00:00:00 2001
From: millert
Date: Sat, 3 Feb 2018 15:44:36 +0000
Subject: [PATCH] The recover script should have the same sanity checks as recover.c. Specifically, open files with O_NONBLOCK and enforce a mode of 0600.
---
 usr.bin/vi/build/recover | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/usr.bin/vi/build/recover b/usr.bin/vi/build/recover
index 08655760157..963542eca25 100644
--- a/usr.bin/vi/build/recover
+++ b/usr.bin/vi/build/recover
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 #
-# $OpenBSD: recover,v 1.11 2016/11/05 16:21:56 afresh1 Exp $
+# $OpenBSD: recover,v 1.12 2018/02/03 15:44:36 millert Exp $
 #
 # Script to (safely) recover nvi edit sessions.
 #
@@ -60,7 +60,7 @@ rewinddir(RECDIR);
 foreach $file (readdir(RECDIR)) {
 next unless $file =~ /^recover\./;
- if (!sysopen(RECFILE, $file, O_RDONLY|O_NOFOLLOW)) {
+ if (!sysopen(RECFILE, $file, O_RDONLY|O_NOFOLLOW|O_NONBLOCK)) {
 warn "$0: can't open $file: $!\n";
 next;
 }
@@ -68,12 +68,17 @@ foreach $file (readdir(RECDIR)) {
 #
 # Delete anything that is not a regular file as that is either
 # filesystem corruption from fsck or an exploit attempt.
+ # Real vi recovery files are created with mode 0600, ignore others.
 #
 if (!stat(RECFILE)) {
 warn "$0: can't stat $file: $!\n";
 close(RECFILE);
 next;
 }
+ if (((stat(_))[2] & 07777) != 0600) {
+ close(RECFILE);
+ next;
+ }
 $owner = (stat(_))[4];
 if (! -f _ || ! -s _) {
 unlink($file) unless -d _;
-- 2.20.1
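Review bot: In the hunk at `@@ -60,7 +60,7 @@`, the new `O_NONBLOCK` flag on `sysopen` has no comment saying why a read-only open of a recovery file needs it. Presumably it keeps the script from hanging in open() when an entry in the recovery directory is a FIFO with no writer, which matters here because the file type is only checked by the `stat` that follows the open. A one-line comment above the call would record that, for example `# O_NONBLOCK: never block in open() on a FIFO or device; type is checked after`. The enclosing `foreach` loop starts and ends outside this hunk.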
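Review bot: In the hunk at `@@ -68,12 +68,17 @@`, the new mode test runs before the `! -f _ || ! -s _` block, so a non-regular or empty entry whose mode is not 0600 is now skipped and never reaches `unlink($file) unless -d _;`. That leaves the block comment's first sentence, "Delete anything that is not a regular file", true only for entries that happen to have mode 0600. If skipping is intended (the commit message says the goal is to match recover.c), the comment should say so, e.g. `# Entries with any other mode are skipped and left in place, not deleted.`; if the cleanup is still wanted, the mode test would go after the file-type block instead. The skip is also silent, unlike the two `warn` paths nearby, so an unexpected mode leaves no trace for whoever investigates a missing recovery mail. The `if (! -f _ ...)` block ends outside the hunk, so what follows the unlink is not visible here.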