Attachment 154789 Details for Bug 224193 – uulib-CVE-2008-2266.patch

[patch] uulib-CVE-2008-2266.patch

uulib-CVE-2008-2266.patch (text/plain), 3.12 KB, created by Robert Buchholz (RETIRED) on 2008-05-30 05:59:48 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Robert Buchholz (RETIRED)

Created: 2008-05-30 05:59:48 UTC

Size: 3.12 KB

patch

obsolete

>Index: nzbget-0.2.3/uulib/uunconc.c
>===================================================================
>--- nzbget-0.2.3.orig/uulib/uunconc.c
>+++ nzbget-0.2.3/uulib/uunconc.c
>@@ -1311,6 +1311,11 @@ UUDecode (uulist *data)
>   char *mode, *ntmp;
>   uufile *iter;
>   size_t bytes;
>+#ifdef HAVE_MKSTEMP
>+  int tmpfd;
>+  const char *tmpprefix = "uuXXXXXX";
>+  char *tmpdir = NULL;
>+#endif /* HAVE_MKSTEMP */
> 
>   if (data == NULL || data->thisfile == NULL)
>     return UURET_ILLVAL;
>@@ -1329,13 +1334,35 @@ UUDecode (uulist *data)
>   else
>     mode = "wb";	/* otherwise in binary          */
> 
>+#ifdef HAVE_MKSTEMP
>+  if ((getuid()==geteuid()) && (getgid()==getegid())) {
>+	  tmpdir=getenv("TMPDIR");
>+  }
>+
>+  if (!tmpdir) {
>+	  tmpdir = "/tmp";
>+  }
>+  data->binfile = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
>+
>+  if (!data->binfile) {
>+#else
>   if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
>+#endif /* HAVE_MKSTEMP */
>     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
> 	       uustring (S_NO_TEMP_NAME));
>     return UURET_NOMEM;
>   }
> 
>+#ifdef HAVE_MKSTEMP
>+  strcpy(data->binfile, tmpdir);
>+  strcat(data->binfile, "/");
>+  strcat(data->binfile, tmpprefix);
>+
>+  if ((tmpfd = mkstemp(data->binfile)) == -1 || 
>+	  (dataout = fdopen(tmpfd, mode)) == NULL) {
>+#else
>   if ((dataout = fopen (data->binfile, mode)) == NULL) {
>+#endif /* HAVE_MKSTEMP */
>     /*
>      * we couldn't create a temporary file. Usually this means that TMP
>      * and TEMP aren't set
>@@ -1343,11 +1370,18 @@ UUDecode (uulist *data)
>     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
> 	       uustring (S_WR_ERR_TARGET),
> 	       data->binfile, strerror (uu_errno = errno));
>+#ifdef HAVE_MKSTEMP
>+	if (tmpfd != -1) {
>+		unlink(data->binfile);
>+		close(tmpfd);
>+    }
>+#endif /* HAVE_MKSTEMP */
>     _FP_free (data->binfile);
>     data->binfile = NULL;
>     uu_errno = errno;
>     return UURET_IOERR;
>   }
>+
>   /*
>    * we don't have begin lines in Base64 or plain text files.
>    */
>@@ -1496,7 +1530,13 @@ UUDecode (uulist *data)
>    */
> 
>   if (data->uudet == BH_ENCODED && data->binfile) {
>+#ifdef HAVE_MKSTEMP
>+	  ntmp = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
>+	  
>+	  if (ntmp == NULL) {
>+#else
>     if ((ntmp = tempnam (NULL, "uu")) == NULL) {
>+#endif /* HAVE_MKSTEMP */
>       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
> 		 uustring (S_NO_TEMP_NAME));
>       progress.action = 0;
>@@ -1510,15 +1550,31 @@ UUDecode (uulist *data)
>       free (ntmp);
>       return UURET_IOERR;
>     }
>+
>+#ifdef HAVE_MKSTEMP
>+    strcpy(ntmp, tmpdir);
>+    strcat(ntmp, "/");
>+    strcat(ntmp, tmpprefix); 
>+    if ((tmpfd = mkstemp(ntmp)) == -1 ||
>+		(dataout = fdopen(tmpfd, "wb")) == NULL) {
>+#else
>     if ((dataout = fopen (ntmp, "wb")) == NULL) {
>+#endif /* HAVE_MKSTEMP */
>       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
> 		 uustring (S_NOT_OPEN_TARGET),
> 		 ntmp, strerror (uu_errno = errno));
>       progress.action = 0;
>       fclose (datain);
>+#ifdef HAVE_MKSTEMP
>+	  if (tmpfd != -1) {
>+		  unlink(ntmp);
>+		  close(tmpfd);
>+	  }
>+#endif /* HAVE_MKSTEMP */
>       free   (ntmp);
>       return UURET_IOERR;
>     }
>+
>     /*
>      * read fork lengths. remember they're in Motorola format
>      */

Actions: View | Diff

Attachments on bug 224193: 154789