OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7291 Commits
1 Branch
0 Tags
34 MiB
 
 
 
 
 
 
Tree: db787e07e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'db787e07e9'
${ noResults }
rocklinux/package/base/texinfo/texinfo-4.9-tempfile_fix-1....

82 lines
2.3 KiB
Raw Blame History

Copied from www.linuxfromscratch.org to ROCK Linux.
Updated By: Bruce Dubbs (bdubbs -aT- linuxfromscratch -DoT- org)
Date: 2005-12-12
Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
Date: 2005-10-08
Initial Package Version: 4.8
Origin: http://gentoo.kems.net/gentoo-portage/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch
Upstream Status: A few patches are floating around in Debian BZ #328365 of which
upstream hasn't made a full commitment on yet.
Description: (CAN-2005-3011) texindex in texinfo 4.8 and earlier allows local
users to overwrite arbitrary files via a symlink attack on
temporary files.
Update: Changed to not pass a constant string to mktemp().
diff -Naur texinfo-4.9.orig/util/texindex.c texinfo-4.9/util/texindex.c
--- texinfo-4.9.orig/util/texindex.c 2007-07-23 07:11:38.000000000 -0400
+++ texinfo-4.9/util/texindex.c 2007-07-23 07:11:49.000000000 -0400
@@ -99,6 +99,9 @@
/* Directory to use for temporary files. On Unix, it ends with a slash. */
char *tempdir;
+/* Basename for temp files inside of tempdir. */
+char *tempbase;
+
/* Number of last temporary file. */
int tempcount;
@@ -153,6 +156,7 @@
main (int argc, char **argv)
{
int i;
+ char template[]="txidxXXXXXX";
tempcount = 0;
last_deleted_tempcount = 0;
@@ -190,6 +194,11 @@
decode_command (argc, argv);
+ /* XXX mkstemp not appropriate, as we need to have somewhat predictable
+ * names. But race condition was fixed, see maketempname.
+ */
+ tempbase = mktemp (template);
+
/* Process input files completely, one by one. */
for (i = 0; i < num_infiles; i++)
@@ -390,21 +399,21 @@
static char *
maketempname (int count)
{
- static char *tempbase = NULL;
char tempsuffix[10];
-
- if (!tempbase)
- {
- int fd;
- tempbase = concat (tempdir, "txidxXXXXXX");
-
- fd = mkstemp (tempbase);
- if (fd == -1)
- pfatal_with_name (tempbase);
- }
+ char *name, *tmp_name;
+ int fd;
sprintf (tempsuffix, ".%d", count);
- return concat (tempbase, tempsuffix);
+ tmp_name = concat (tempdir, tempbase);
+ name = concat (tmp_name, tempsuffix);
+ free(tmp_name);
+
+ fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600);
+ if (fd == -1)
+ pfatal_with_name (name);
+
+ close(fd);
+ return name;
}