graaff 08/02/29 15:31:50 |
|
Added: wml-2.0.11-tmpfile.patch |
Log: |
Fix insecure tmpfile usage #209927 |
(Portage version: 2.1.4.4) |
|
Revision Changes Path |
1.1 dev-lang/wml/files/wml-2.0.11-tmpfile.patch |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/wml/files/wml-2.0.11-tmpfile.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/wml/files/wml-2.0.11-tmpfile.patch?rev=1.1&content-type=text/plain |
|
Index: wml-2.0.11-tmpfile.patch |
=================================================================== |
This patch fixes insecure tmpfile usage as mentioned in #209927. It is |
essentially the debian patch mentioned in that bug report. |
|
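--- a/wml-2.0.11/wml_contrib/wmg.cgi
+++ b/wml-2.0.11/wml_contrib/wmg.cgi
@@ -366,14 +366,7 @@
 ($w, $h, $t) = Image::Size::imgsize(\$contents);
 if ($w*$h == 1) {
 # read image into GD
- $tmpfile = "/tmp/pe.tmp.$$";
- unlink($tmpfile);
- open(TMP, ">$tmpfile");
- print TMP $contents;
- close(TMP);
- open(TMP, "<$tmpfile");
- $tmpimg = newFromGif GD::Image(TMP);
- close(TMP);
+ $tmpimg = newFromGifData GD::Image($contents);
 unlink($tmpfile);
 if ($tmpimg->transparent != -1) {
 my $im = new GD::Image($w, $h);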
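Review bot: The `unlink($tmpfile);` kept as context right after the new `newFromGifData` call now acts on a variable this block no longer assigns, so it is either a no-op on an undefined value or removes whatever path an earlier assignment outside the hunk left in `$tmpfile`. Since the image is now decoded from memory, that line should go with the rest of the temp-file handling. The result of `newFromGifData` is also dereferenced on the following line with no check; GD constructors return undef for data they cannot parse, so a guard such as `defined $tmpimg or die "cannot decode GIF data\n";` before `$tmpimg->transparent` would turn a malformed image into a clean error instead of a method call on undef. The enclosing block starts and ends outside the hunk.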
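--- a/wml-2.0.11/wml_backend/p1_ipp/ipp.src
+++ b/wml-2.0.11/wml_backend/p1_ipp/ipp.src
@@ -17,6 +17,7 @@
 use Getopt::Long 2.13;
 use IO::Handle 1.15;
 use IO::File 1.06;
+use File::Temp qw/ mkdtemp /;
 
 #
 # help functions
@@ -564,8 +565,8 @@
 #
 # process the pre-loaded include files
 #
-$tmpdir = $ENV{'TMPDIR'} || '/tmp';
-$tmpfile = $tmpdir . "/ipp.$$.tmp";
+my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
+$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";$tmpfile = $tmpdir . "/ipp.$$.tmp";
 unlink($tmpfile);
 $tmp = new IO::File;
 $tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!");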
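Review bot: Nothing visible in the second hunk removes the directory that `mkdtemp` creates, and `mkdtemp` itself never cleans up, so unless code outside the hunk does it, each run leaves an empty `ipp.XXXXXX` directory under TMPDIR. Either add `rmdir($tmpdir);` after the final `unlink($tmpfile)` or switch to `File::Temp::tempdir('ipp.XXXXXX', TMPDIR => 1, CLEANUP => 1)`. Note that `$tmpdir` now names the private directory rather than the base temp directory, so any later use of it outside the hunk as a base path changes meaning. The added line also carries two statements (`...: $!\n";$tmpfile = ...`); putting `$tmpfile = $tmpdir . "/ipp.$$.tmp";` on its own line would keep the assignment from being overlooked, and the `unlink($tmpfile);` that follows is redundant inside a freshly created directory.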
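--- a/wml-2.0.11/wml_backend/p3_eperl/eperl_sys.c
+++ b/wml-2.0.11/wml_backend/p3_eperl/eperl_sys.c
@@ -211,13 +211,20 @@
 {
 char ca[1024];
 char *cp, *tmpdir;
+ char tmpfile[] = "eperl_sourceXXXXXX";
 int i;
+ int fd = -1;
 
 tmpdir = getenv ("TMPDIR");
 if (tmpdir == (char *) NULL)
 tmpdir="/tmp";
 
- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
+ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
+ if ((fd = mkstemp(ca)) == -1) {
+ perror("Cannot create tmpfile");
+ return NULL;
+ }
+ close(fd);
 ca[sizeof(ca)-1] = NUL;
 cp = strdup(ca);
 for (i = 0; mytmpfiles[i] != NULL; i++)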
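Review bot: The descriptor from `mkstemp(ca)` is closed immediately and only the name is handed on, so the exclusive-create guarantee covers creation alone and callers (outside the hunk) presumably reopen the file by path. That reopen is safe only while other users cannot replace the directory entry, which holds for a sticky `/tmp` but not necessarily for whatever TMPDIR points to. It deserves a comment at the `close(fd);` line, for example `/* mkstemp() only reserves the name; callers reopen by path, so TMPDIR must not be writable by other users without the sticky bit */`. Two smaller points: the local array `tmpfile` shadows the stdio function `tmpfile()` and would read better as `tmpl`, and `ca[sizeof(ca)-1] = NUL;` after the call is redundant because `snprintf` already terminates the buffer. The function begins and continues outside the hunk.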