82 lines
1.7 KiB
Diff
82 lines
1.7 KiB
Diff
CVE-2001-1593: Fix insecure use of /tmp
|
|
|
|
|
|
Author(s):
|
|
|
|
* Fri Jan 05 2001 Preston Brown <pbrown@redhat.com>
|
|
|
|
followed the next month by a fix to that patch:
|
|
|
|
* Mon Feb 12 2001 Tim Waugh <twaugh@redhat.com>
|
|
|
|
(see https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5)
|
|
|
|
Origin:
|
|
|
|
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
|
|
|
|
--- a/lib/routines.c
|
|
+++ b/lib/routines.c
|
|
@@ -242,3 +242,50 @@
|
|
/* Don't complain if you can't unlink. Who cares of a tmp file? */
|
|
unlink (filename);
|
|
}
|
|
+
|
|
+/*
|
|
+ * Securely generate a temp file, and make sure it gets
|
|
+ * deleted upon exit.
|
|
+ */
|
|
+static char ** tempfiles;
|
|
+static unsigned ntempfiles;
|
|
+
|
|
+static void
|
|
+cleanup_tempfiles()
|
|
+{
|
|
+ while (ntempfiles--)
|
|
+ unlink(tempfiles[ntempfiles]);
|
|
+}
|
|
+
|
|
+char *
|
|
+safe_tempnam(const char *pfx)
|
|
+{
|
|
+ char *dirname, *filename;
|
|
+ int fd;
|
|
+
|
|
+ if (!(dirname = getenv("TMPDIR")))
|
|
+ dirname = "/tmp";
|
|
+
|
|
+ tempfiles = (char **) realloc(tempfiles,
|
|
+ (ntempfiles+1) * sizeof(char *));
|
|
+ if (tempfiles == NULL)
|
|
+ return NULL;
|
|
+
|
|
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
|
|
+ if (!filename)
|
|
+ return NULL;
|
|
+
|
|
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
|
|
+
|
|
+ if ((fd = mkstemp(filename)) < 0) {
|
|
+ free(filename);
|
|
+ return NULL;
|
|
+ }
|
|
+ close(fd);
|
|
+
|
|
+ if (ntempfiles == 0)
|
|
+ atexit(cleanup_tempfiles);
|
|
+ tempfiles[ntempfiles++] = filename;
|
|
+
|
|
+ return filename;
|
|
+}
|
|
--- a/lib/routines.h
|
|
+++ b/lib/routines.h
|
|
@@ -255,7 +255,8 @@
|
|
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
|
|
#define tempname_ensure(Str) \
|
|
do { \
|
|
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
|
|
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
|
|
} while (0)
|
|
+char * safe_tempnam(const char *);
|
|
|
|
#endif
|