diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2005-09-29 08:51:10 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2005-09-29 08:51:10 +0000 |
| commit | d7881fb78ef58c53b0482e1d3e1683a1008e1abb (patch) | |
| tree | cc60f77e173e6f17e36418886f6cd119f16f7fe7 /sys-apps/texinfo/files | |
| parent | Version bump. (diff) | |
| download | gentoo-2-d7881fb78ef58c53b0482e1d3e1683a1008e1abb.tar.gz gentoo-2-d7881fb78ef58c53b0482e1d3e1683a1008e1abb.tar.bz2 gentoo-2-d7881fb78ef58c53b0482e1d3e1683a1008e1abb.zip | |
Fix insecure tempfile usage #106105.
(Portage version: 2.0.52-r1 http://www.bash.org/?136501 )
Diffstat (limited to 'sys-apps/texinfo/files')
| -rw-r--r-- | sys-apps/texinfo/files/digest-texinfo-4.8-r1 | 1 | ||||
| -rw-r--r-- | sys-apps/texinfo/files/texinfo-4.8-tempfile.patch | 60 |
2 files changed, 61 insertions, 0 deletions
diff --git a/sys-apps/texinfo/files/digest-texinfo-4.8-r1 b/sys-apps/texinfo/files/digest-texinfo-4.8-r1 new file mode 100644 index 000000000000..89aa6b29dbe2 --- /dev/null +++ b/sys-apps/texinfo/files/digest-texinfo-4.8-r1 @@ -0,0 +1 @@ +MD5 6ba369bbfe4afaa56122e65b3ee3a68c texinfo-4.8.tar.bz2 1521822 diff --git a/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch b/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch new file mode 100644 index 000000000000..c3c9e93d7a5e --- /dev/null +++ b/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch @@ -0,0 +1,60 @@ +http://bugs.gentoo.org/106105 + +--- util/texindex.c ++++ util/texindex.c +@@ -99,6 +99,9 @@ long nlines; + /* Directory to use for temporary files. On Unix, it ends with a slash. */ + char *tempdir; + ++/* Basename for temp files inside of tempdir. */ ++char *tempbase; ++ + /* Number of last temporary file. */ + int tempcount; + +@@ -190,6 +193,11 @@ main (int argc, char **argv) + + decode_command (argc, argv); + ++ /* XXX mkstemp not appropriate, as we need to have somewhat predictable ++ * names. But race condition was fixed, see maketempname. ++ */ ++ tempbase = mktemp ("txidxXXXXXX"); ++ + /* Process input files completely, one by one. */ + + for (i = 0; i < num_infiles; i++) +@@ -392,21 +400,21 @@ For more information about these matters + static char * + maketempname (int count) + { +- static char *tempbase = NULL; + char tempsuffix[10]; +- +- if (!tempbase) +- { +- int fd; +- tempbase = concat (tempdir, "txidxXXXXXX"); +- +- fd = mkstemp (tempbase); +- if (fd == -1) +- pfatal_with_name (tempbase); +- } ++ char *name, *tmp_name; ++ int fd; + + sprintf (tempsuffix, ".%d", count); +- return concat (tempbase, tempsuffix); ++ tmp_name = concat (tempdir, tempbase); ++ name = concat (tmp_name, tempsuffix); ++ free(tmp_name); ++ ++ fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600); ++ if (fd == -1) ++ pfatal_with_name (name); ++ ++ close(fd); ++ return name; + } + + |