From 6c8abe30eb39ad4313a851f9b46457249cf5e726 Mon Sep 17 00:00:00 2001
From: Ander Juaristi <address@hidden>
Date: Sun, 26 Jun 2016 17:43:28 +0200
Subject: [PATCH] Bypass world-writable checks on Windows

 * src/hsts.c (hsts_file_access_valid): we should check for "world-writable"
   files only on Unix-based systems. It's difficult to mimic the same behavior
   on Windows, so it's better to just not do it.

Reported-by: Gisle Vanem <address@hidden>
Reported-by: Eli Zaretskii <address@hidden>
---
 src/hsts.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/hsts.c b/src/hsts.c
index 4d748ac..a0087a6 100644
--- a/src/hsts.c
+++ b/src/hsts.c
@@ -348,7 +348,15 @@ hsts_file_access_valid (const char *filename)
   if (stat (filename, &st) == -1)
     return false;
 
-  return !(st.st_mode & S_IWOTH) && S_ISREG (st.st_mode);
+  return
+#ifndef WINDOWS
+      /*
+       * The world-writable concept is a Unix-centric notion.
+       * We bypass this test on Windows.
+       */
+      !(st.st_mode & S_IWOTH) &&
+#endif
+      S_ISREG (st.st_mode);
 }
 
 /* HSTS API */
-- 
2.1.4