OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7649 Commits
1 Branch
0 Tags
34 MiB
Tree: ea3f9b52f9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ea3f9b52f9'
${ noResults }
rocklinux/package/base/texinfo/texinfo-4.9-tempfile_fix-1....

82 lines
2.3 KiB
Raw Normal View History

Stefan Fiedler: texinfo: cross-build in stage 2; add security fix from lfs.org [2007091023140931424] (https://www.rocklinux.net/submaster) git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@8743 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
17 years ago
  1. Copied from www.linuxfromscratch.org to ROCK Linux.
  3. Updated By: Bruce Dubbs (bdubbs -aT- linuxfromscratch -DoT- org)
  4. Date: 2005-12-12
  5. Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
  6. Date: 2005-10-08
  7. Initial Package Version: 4.8
  8. Origin: http://gentoo.kems.net/gentoo-portage/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch
  9. Upstream Status: A few patches are floating around in Debian BZ #328365 of which
  10. upstream hasn't made a full commitment on yet.
  11. Description: (CAN-2005-3011) texindex in texinfo 4.8 and earlier allows local
  12. users to overwrite arbitrary files via a symlink attack on
  13. temporary files.
  14. Update: Changed to not pass a constant string to mktemp().
  16. diff -Naur texinfo-4.9.orig/util/texindex.c texinfo-4.9/util/texindex.c
  17. --- texinfo-4.9.orig/util/texindex.c 2007-07-23 07:11:38.000000000 -0400
  18. +++ texinfo-4.9/util/texindex.c 2007-07-23 07:11:49.000000000 -0400
  19. @@ -99,6 +99,9 @@
  20. /* Directory to use for temporary files. On Unix, it ends with a slash. */
  21. char *tempdir;
  23. +/* Basename for temp files inside of tempdir. */
  24. +char *tempbase;
  25. +
  26. /* Number of last temporary file. */
  27. int tempcount;
  29. @@ -153,6 +156,7 @@
  30. main (int argc, char **argv)
  31. {
  32. int i;
  33. + char template[]="txidxXXXXXX";
  35. tempcount = 0;
  36. last_deleted_tempcount = 0;
  37. @@ -190,6 +194,11 @@
  39. decode_command (argc, argv);
  41. + /* XXX mkstemp not appropriate, as we need to have somewhat predictable
  42. + * names. But race condition was fixed, see maketempname.
  43. + */
  44. + tempbase = mktemp (template);
  45. +
  46. /* Process input files completely, one by one. */
  48. for (i = 0; i < num_infiles; i++)
  49. @@ -390,21 +399,21 @@
  50. static char *
  51. maketempname (int count)
  52. {
  53. - static char *tempbase = NULL;
  54. char tempsuffix[10];
  55. -
  56. - if (!tempbase)
  57. - {
  58. - int fd;
  59. - tempbase = concat (tempdir, "txidxXXXXXX");
  60. -
  61. - fd = mkstemp (tempbase);
  62. - if (fd == -1)
  63. - pfatal_with_name (tempbase);
  64. - }
  65. + char *name, *tmp_name;
  66. + int fd;
  68. sprintf (tempsuffix, ".%d", count);
  69. - return concat (tempbase, tempsuffix);
  70. + tmp_name = concat (tempdir, tempbase);
  71. + name = concat (tmp_name, tempsuffix);
  72. + free(tmp_name);
  73. +
  74. + fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600);
  75. + if (fd == -1)
  76. + pfatal_with_name (name);
  77. +
  78. + close(fd);
  79. + return name;
  80. }