Hello,

Take a look at:

src/mount.h, line 23:

    #define TUBE_NAME "/tmp/gtkdiskfree"

Then at:

src/mount.c, from line 32:

    open_cmd_tube (const gchar *cmd, const gchar *mount_point)
    {
        gint status;
        gchar error[MAXLINE], *line;
        FILE *sh, *tmp;

        setbuf(stdout, error);
        line = g_strconcat(cmd, " ", mount_point, " &> ", TUBE_NAME, NULL);
        sh = popen(line, "r");
        g_free(line);

        status = pclose(sh);

        if (status == 0) {
            remove(TUBE_NAME);
            gui_list_main_update(GTK_TREE_VIEW(list_treeview));

            return;
        } else {
            if ((tmp = fopen(TUBE_NAME, "r")) == NULL) {
                gui_list_main_update(GTK_TREE_VIEW(list_treeview));

                return;
            }
            if (fgets(error, MAXLINE-1, tmp) == NULL) {
                fclose(tmp);
                remove(TUBE_NAME);
                gui_list_main_update(GTK_TREE_VIEW(list_treeview));

                return;
            }
            fclose(tmp);
            remove(TUBE_NAME);
            error_window(error);
        }
        gui_list_main_update(GTK_TREE_VIEW(list_treeview));

        return;
    }

Regards
Yes, obvious bug. He doesn't need a temp file to do that; popen returns a stream anyway. Suggested quick fix attached.
Created attachment 67471: temp file fix
Let us know when upstream is aware.
Hello, Upstream seems to be down. http://gtkdiskfree.tuxfamily.org/ or http://gtkdiskfree.sourceforge.net/ Regards.
Hello, Email sent to vendor-sec@lst.de Regards.
Pulling in maintainer: Daniel, this is still non-public. Since upstream is dead, would you be in favor of patching or removing?
Hello, Released on 15/09/2005. You can open the bug. Thanks for your time and help. Regards.
Opening
morfic, your opinion?
at a glance the patch looks good to me
Not worth masking the package... Let's patch it, if we can find someone to do it... vapier: feel like it?
1.9.3-r1 now in portage
Archs, please test and mark stable...
Stable on ppc.
This is CAN-2005-2918
stable on ppc64
stable on x86
stable on amd64
Ready for GLSA vote
I tend to vote yes.
I tend to vote NO.
I would vote YES, as it's so easy to exploit.
Let there be a GLSA.
GLSA 200510-01