Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 315079 Details for
Bug 420783
games-fps/{quake3,openarena,tremulous}: symlink attack (CVE-2012-3345)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
[PATCH 2/2] CVE-2012-3345: remove Sys_TempPath() altogether, to avoid misuse
0002-CVE-2012-3345-remove-Sys_TempPath-altogether-to-avoi.patch (text/plain), 2.72 KB, created by
Simon McVittie
on 2012-06-12 08:45:04 UTC
(
hide
)
Description:
[PATCH 2/2] CVE-2012-3345: remove Sys_TempPath() altogether, to avoid misuse
Filename:
MIME Type:
Creator:
Simon McVittie
Created:
2012-06-12 08:45:04 UTC
Size:
2.72 KB
patch
obsolete
>From 6da2182c852b9ea685aff8d4925abd94aa1400cd Mon Sep 17 00:00:00 2001 >From: Simon McVittie <smcv@debian.org> >Date: Mon, 11 Jun 2012 10:56:33 +0100 >Subject: [PATCH 2/2] CVE-2012-3345: remove Sys_TempPath() altogether, to > avoid misuse > >Writing to a predictable filename in /tmp is not safe. > >Signed-off-by: Simon McVittie <smcv@debian.org> >--- > code/qcommon/qcommon.h | 1 - > code/sys/sys_osx.m | 22 ---------------------- > code/sys/sys_unix.c | 17 ----------------- > code/sys/sys_win32.c | 18 ------------------ > 4 files changed, 58 deletions(-) > >diff --git a/code/qcommon/qcommon.h b/code/qcommon/qcommon.h >index 8d36231..389c4f1 100644 >--- a/code/qcommon/qcommon.h >+++ b/code/qcommon/qcommon.h >@@ -1120,7 +1120,6 @@ char *Sys_DefaultAppPath(void); > > void Sys_SetDefaultHomePath(const char *path); > char *Sys_DefaultHomePath(void); >-const char *Sys_TempPath(void); > const char *Sys_Dirname( char *path ); > const char *Sys_Basename( char *path ); > char *Sys_ConsoleInput(void); >diff --git a/code/sys/sys_osx.m b/code/sys/sys_osx.m >index a26d8a2..30bf932 100644 >--- a/code/sys/sys_osx.m >+++ b/code/sys/sys_osx.m >@@ -35,28 +35,6 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > #import <Cocoa/Cocoa.h> > > /* >-================ >-Sys_TempPath >-================ >-*/ >-const char *Sys_TempPath( void ) >-{ >- static UInt8 posixPath[ MAX_OSPATH ]; >- FSRef ref; >- if( FSFindFolder( kOnAppropriateDisk, >- kTemporaryFolderType, kCreateFolder, &ref ) == noErr ) >- { >- if( FSRefMakePath( &ref, posixPath, >- sizeof( posixPath ) - 1 ) == noErr ) >- { >- return (const char *)posixPath; >- } >- } >- >- return "/tmp"; >-} >- >-/* > ============== > Sys_Dialog > >diff --git a/code/sys/sys_unix.c b/code/sys/sys_unix.c >index e88465d..a60b086 100644 >--- a/code/sys/sys_unix.c >+++ b/code/sys/sys_unix.c >@@ -78,23 +78,6 @@ char *Sys_DefaultHomePath(void) > return homePath; > } > >-#ifndef MACOS_X >-/* >-================ >-Sys_TempPath >-================ >-*/ >-const char *Sys_TempPath( void ) >-{ >- const char *TMPDIR = getenv( "TMPDIR" ); >- >- if( TMPDIR == NULL || TMPDIR[ 0 ] == '\0' ) >- return "/tmp"; >- else >- return TMPDIR; >-} >-#endif >- > /* > ================ > Sys_Milliseconds >diff --git a/code/sys/sys_win32.c b/code/sys/sys_win32.c >index 241fc92..58fd9ab 100644 >--- a/code/sys/sys_win32.c >+++ b/code/sys/sys_win32.c >@@ -129,24 +129,6 @@ char *Sys_DefaultHomePath( void ) > > /* > ================ >-Sys_TempPath >-================ >-*/ >-const char *Sys_TempPath( void ) >-{ >- static TCHAR path[ MAX_PATH ]; >- DWORD length; >- >- length = GetTempPath( sizeof( path ), path ); >- >- if( length > sizeof( path ) || length == 0 ) >- return Sys_DefaultHomePath( ); >- else >- return path; >-} >- >-/* >-================ > Sys_Milliseconds > ================ > */ >-- >1.7.10 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=315079">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 420783
:
315077
| 315079
