gentoo-overlay/app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch

CVE-2001-1593: Fix insecure use of /tmp


Author(s):

 * Fri Jan 05 2001 Preston Brown <pbrown@redhat.com>

followed the next month by a fix to that patch:

 * Mon Feb 12 2001 Tim Waugh <twaugh@redhat.com>

(see https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5)

Origin:

http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch

--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
 /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
 #define tempname_ensure(Str)				\
 do {							\
-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
 } while (0)
+char * safe_tempnam(const char *);
 
 #endif