source:
patches/gzip-1.3.5-security_fixes-1.patch@
0c3999a
Last change on this file since 0c3999a was 69cde8d, checked in by , 19 years ago | |
gzip-1.3.5
Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org) Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz Date: 2005-05-12 Initial package version: 1.3.5 Description: Fix two security vulnerabilities in gzip: A path traversal bug when using the -N option (CAN-2005-1228) and a race condition in the file permission restore code (CAN-2005-0998). diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c
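--- a/gzip.c
+++ b/gzip.c
@@ -875,8 +875,11 @@
 }
 
 close(ifd);
-if (!to_stdout && close(ofd)) {
-write_error();
+if (!to_stdout) {
+/* Copy modes, times, ownership, and remove the input file */
+copy_stat(&istat);
+if (close(ofd))
+write_error();
 }
 if (method == -1) {
 if (!to_stdout) xunlink (ofname);
@@ -896,10 +899,6 @@
 }
 fprintf(stderr, "\n");
 }
-/* Copy modes, times, ownership, and remove the input file */
-if (!to_stdout) {
-copy_stat(&istat);
-}
 }
 
 /* ========================================================================
@@ -1324,6 +1323,8 @@
 error("corrupted input -- file name too large");
 }
 }
+char *base2 = base_name (base);
+strcpy(base, base2);
 /* If necessary, adapt the name to local OS conventions: */
 if (!list) {
 MAKE_LEGAL_NAME(base);
@@ -1725,7 +1726,7 @@
 reset_times(ofname, ifstat);
 #endif
 /* Copy the protection modes */
-if ( chmod(ofname, ifstat->st_mode & 07777)) {
+if (fchmod(ofd, ifstat->st_mode & 07777)) {
 int e = errno;
 WARN((stderr, "%s: ", progname));
 if (!quiet) {
@@ -1734,7 +1735,7 @@
 }
 }
 #ifndef NO_CHOWN
-chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
 #endif
 remove_ofname = 0;
 /* It's now safe to remove the input file: */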
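Review bot: In the first hunk copy_stat(&istat) now runs before either the close(ofd) result or the `if (method == -1)` cleanup is known, and the context at the end of the last hunk shows copy_stat going on to remove the input file. On a failed run the input may therefore already be unlinked when `xunlink (ofname)` discards the output, or when close(ofd) reports a deferred write error. Guarding the call, `if (method != -1) copy_stat(&istat);`, covers the first case; the second needs the input unlink moved out of copy_stat to after a successful close(ofd), keeping only the fchmod/fchown work on the open descriptor. Both function bodies extend beyond the hunks shown, so the exact failure paths should be confirmed against the full file.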