| 1 |
graaff 08/02/29 15:31:50 |
| 2 |
|
| 3 |
Added: wml-2.0.11-tmpfile.patch |
| 4 |
Log: |
| 5 |
Fix insecure tmpfile usage #209927 |
| 6 |
(Portage version: 2.1.4.4) |
| 7 |
|
| 8 |
Revision Changes Path |
| 9 |
1.1 dev-lang/wml/files/wml-2.0.11-tmpfile.patch |
| 10 |
|
| 11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/wml/files/wml-2.0.11-tmpfile.patch?rev=1.1&view=markup |
| 12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/wml/files/wml-2.0.11-tmpfile.patch?rev=1.1&content-type=text/plain |
| 13 |
|
| 14 |
Index: wml-2.0.11-tmpfile.patch |
| 15 |
=================================================================== |
| 16 |
This patch fixes insecure tmpfile usage as mentioned in #209927. It is |
| 17 |
essentially the debian patch mentioned in that bug report. |
| 18 |
|
| 19 |
diff -u wml-2.0.11/wml_contrib/wmg.cgi wml-2.0.11/wml_contrib/wmg.cgi |
| 20 |
--- wml-2.0.11/wml_contrib/wmg.cgi |
| 21 |
+++ wml-2.0.11/wml_contrib/wmg.cgi |
| 22 |
@@ -366,14 +366,7 @@ |
| 23 |
($w, $h, $t) = Image::Size::imgsize(\$contents); |
| 24 |
if ($w*$h == 1) { |
| 25 |
# read image into GD |
| 26 |
- $tmpfile = "/tmp/pe.tmp.$$"; |
| 27 |
- unlink($tmpfile); |
| 28 |
- open(TMP, ">$tmpfile"); |
| 29 |
- print TMP $contents; |
| 30 |
- close(TMP); |
| 31 |
- open(TMP, "<$tmpfile"); |
| 32 |
- $tmpimg = newFromGif GD::Image(TMP); |
| 33 |
- close(TMP); |
| 34 |
+ $tmpimg = newFromGifData GD::Image($contents); |
| 35 |
unlink($tmpfile); |
| 36 |
if ($tmpimg->transparent != -1) { |
| 37 |
my $im = new GD::Image($w, $h); |
| 38 |
diff -u wml-2.0.11/wml_backend/p1_ipp/ipp.src wml-2.0.11/wml_backend/p1_ipp/ipp.src |
| 39 |
--- wml-2.0.11/wml_backend/p1_ipp/ipp.src 2005-12-01 18:50:13.000000000 +0100 |
| 40 |
+++ wml-2.0.11/wml_backend/p1_ipp/ipp.src 2008-02-29 16:06:15.000000000 +0100 |
| 41 |
@@ -17,6 +17,7 @@ |
| 42 |
use Getopt::Long 2.13; |
| 43 |
use IO::Handle 1.15; |
| 44 |
use IO::File 1.06; |
| 45 |
+use File::Temp qw/ mkdtemp /; |
| 46 |
|
| 47 |
# |
| 48 |
# help functions |
| 49 |
@@ -564,8 +565,8 @@ |
| 50 |
# |
| 51 |
# process the pre-loaded include files |
| 52 |
# |
| 53 |
-$tmpdir = $ENV{'TMPDIR'} || '/tmp'; |
| 54 |
-$tmpfile = $tmpdir . "/ipp.$$.tmp"; |
| 55 |
+my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX'; |
| 56 |
+$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";$tmpfile = $tmpdir . "/ipp.$$.tmp"; |
| 57 |
unlink($tmpfile); |
| 58 |
$tmp = new IO::File; |
| 59 |
$tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!"); |
| 60 |
--- wml-2.0.11.orig/wml_backend/p3_eperl/eperl_sys.c |
| 61 |
+++ wml-2.0.11/wml_backend/p3_eperl/eperl_sys.c |
| 62 |
@@ -211,13 +211,20 @@ |
| 63 |
{ |
| 64 |
char ca[1024]; |
| 65 |
char *cp, *tmpdir; |
| 66 |
+ char tmpfile[] = "eperl_sourceXXXXXX"; |
| 67 |
int i; |
| 68 |
+ int fd = -1; |
| 69 |
|
| 70 |
tmpdir = getenv ("TMPDIR"); |
| 71 |
if (tmpdir == (char *) NULL) |
| 72 |
tmpdir="/tmp"; |
| 73 |
|
| 74 |
- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++); |
| 75 |
+ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile); |
| 76 |
+ if ((fd = mkstemp(ca)) == -1) { |
| 77 |
+ perror("Cannot create tmpfile"); |
| 78 |
+ return NULL; |
| 79 |
+ } |
| 80 |
+ close(fd); |
| 81 |
ca[sizeof(ca)-1] = NUL; |
| 82 |
cp = strdup(ca); |
| 83 |
for (i = 0; mytmpfiles[i] != NULL; i++) |
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
-- |
| 88 |
gentoo-commits@l.g.o mailing list |
Archives