source: patches/texinfo-4.9-tempfile_fix-1.patch@ 725ea6d

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 725ea6d was d5d259c, checked in by Joe Ciccone <jciccone@…>, 17 years ago

Updated Texinfo to 4.9.

  • Property mode set to 100644
File size: 2.2 KB
  • util/texindex.c

    Updated By: Bruce Dubbs (bdubbs -aT- linuxfromscratch -DoT- org)
    Date: 2005-12-12
    Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
    Date: 2005-10-08
    Initial Package Version: 4.8
    Origin: http://gentoo.kems.net/gentoo-portage/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch
    Upstream Status: A few patches are floating around in Debian BZ #328365 of which
                     upstream hasn't made a full commitment on yet.
    Description: (CAN-2005-3011) texindex in texinfo 4.8 and earlier allows local
                 users to overwrite arbitrary files via a symlink attack on
                 temporary files.
    Update: Changed to not pass a constant string to mktemp().
    
    diff -Naur texinfo-4.9.orig/util/texindex.c texinfo-4.9/util/texindex.c
    old new  
    9999/* Directory to use for temporary files.  On Unix, it ends with a slash.  */
    100100char *tempdir;
    101101
     102/* Basename for temp files inside of tempdir.  */
     103char *tempbase;
     104
    102105/* Number of last temporary file.  */
    103106int tempcount;
    104107
     
    153156main (int argc, char **argv)
    154157{
    155158  int i;
     159  char template[]="txidxXXXXXX";
    156160
    157161  tempcount = 0;
    158162  last_deleted_tempcount = 0;
     
    190194
    191195  decode_command (argc, argv);
    192196
     197  /* XXX mkstemp not appropriate, as we need to have somewhat predictable
     198   * names. But race condition was fixed, see maketempname.
     199   */
     200  tempbase = mktemp (template);
     201
    193202  /* Process input files completely, one by one.  */
    194203
    195204  for (i = 0; i < num_infiles; i++)
     
    390399static char *
    391400maketempname (int count)
    392401{
    393   static char *tempbase = NULL;
    394402  char tempsuffix[10];
    395 
    396   if (!tempbase)
    397     {
    398       int fd;
    399       tempbase = concat (tempdir, "txidxXXXXXX");
    400 
    401       fd = mkstemp (tempbase);
    402       if (fd == -1)
    403         pfatal_with_name (tempbase);
    404     }
     403  char *name, *tmp_name;
     404  int fd;
    405405
    406406  sprintf (tempsuffix, ".%d", count);
    407   return concat (tempbase, tempsuffix);
     407  tmp_name = concat (tempdir, tempbase);
     408  name = concat (tmp_name, tempsuffix);
     409  free(tmp_name);
     410
     411  fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600);
     412  if (fd == -1)
     413    pfatal_with_name (name);
     414
     415  close(fd);
     416  return name;
    408417}
    409418
    410419
Note: See TracBrowser for help on using the repository browser.