Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 41097 Details for
Bug 66358
sys-libs/glibc: Insecure tempfile handling
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
glibc-2.3.2-tempfile.patch
glibc-2.3.2-tempfile.patch (text/plain), 5.83 KB, created by
Luke Macken (RETIRED)
on 2004-10-04 15:15:36 UTC
(
hide
)
Description:
glibc-2.3.2-tempfile.patch
Filename:
MIME Type:
Creator:
Luke Macken (RETIRED)
Created:
2004-10-04 15:15:36 UTC
Size:
5.83 KB
patch
obsolete
>diff -ur glibc-2.3.2.orig/debug/catchsegv.sh glibc-2.3.2/debug/catchsegv.sh >--- glibc-2.3.2.orig/debug/catchsegv.sh 2003-02-06 04:03:51.000000000 +0100 >+++ glibc-2.3.2/debug/catchsegv.sh 2004-09-20 10:45:09.000000000 +0200 >@@ -49,9 +49,7 @@ > esac > fi > >-segv_output=`basename "$prog"`.segv.$$ >-# Make sure this output file does not exist. >-rm -f "$segv_output" >+segv_output=`mktemp \`basename "$prog".segv.XXXXXX\`` || exit 1 > > # Redirect stderr to avoid termination message from shell. > (exec 3>&2 2>/dev/null >@@ -64,7 +62,7 @@ > # Check for output. Even if the program terminated correctly it might > # be that a minor process (clone) failed. Therefore we do not check the > # exit code. >-if test -f "$segv_output"; then >+if test -s "$segv_output"; then > # The program caught a signal. The output is in the file with the > # name we have in SEGFAULT_OUTPUT_NAME. In the output the names of > # functions in shared objects are available, but names in the static >@@ -101,7 +99,7 @@ > ;; > esac > done) >- rm -f "$segv_output" > fi >+rm -f "$segv_output" > > exit $exval >diff -ur glibc-2.3.2.orig/glibcbug.in glibc-2.3.2/glibcbug.in >--- glibc-2.3.2.orig/glibcbug.in 2002-07-16 20:13:13.000000000 +0200 >+++ glibc-2.3.2/glibcbug.in 2004-09-20 11:10:43.000000000 +0200 >@@ -22,18 +22,14 @@ > BUILD_BOUNDED="@bounded@" > BUILD_STATIC_NSS="@static_nss@" > >-TEMP=`mktemp -q ${TMPDIR-/tmp}/glibcbugXXXXXX 2>/dev/null` >-if test $? -ne 0; then >- TEMP=${TMPDIR-/tmp}/glibcbug.$$ >- echo > $TEMP >- chmod 600 $TEMP >-fi >-TEMPx=`mktemp -q ${TMPDIR-/tmp}/glibcbugXXXXXX 2>/dev/null` >-if test $? -ne 0; then >- TEMPx=${TMPDIR-/tmp}/glibcbug.$$.x >- echo > $TEMPx >- chmod 600 $TEMPx >-fi >+TEMP="`mktemp -t glibcbugXXXXXXXXXX`" || exit 1 >+TEMPx="`mktemp -t glibcbugXXXXXXXXXX`" || { >+ rm -f "$TEMP" >+ exit 1 >+} >+ >+trap 'rm -f "$TEMP" "$TEMPx"; exit 1' HUP INT PIPE TERM >+trap 'rm -f "$TEMP" "$TEMPx"' EXIT > > BUGGLIBC="glibc-bug-reports-${RELEASE}@gnu.org" > BUGADDR=${1-$BUGGLIBC} >@@ -42,10 +38,6 @@ > > : ${USER=${LOGNAME-`whoami`}} > >-trap 'rm -f $TEMP $TEMPx; exit 1' 1 2 3 13 15 >-trap 'rm -f $TEMP $TEMPx' 0 >- >- > # How to read the passwd database. > PASSWD="cat /etc/passwd" > >@@ -72,8 +64,8 @@ > else > # Must use temp file due to incompatibilities in quoting behavior > # and to protect shell metacharacters in the expansion of $LOGNAME >- $PASSWD | grep "^$LOGNAME:" | awk -F: '{print $5}' | sed -e 's/,.*//' > $TEMP >- ORIGINATOR="`cat $TEMP`" >+ $PASSWD | grep "^$LOGNAME:" | awk -F: '{print $5}' | sed -e 's/,.*//' > "$TEMP" >+ ORIGINATOR="`cat "$TEMP"`" > fi > > if [ -n "$ORGANIZATION" ]; then >@@ -123,7 +115,7 @@ > FIX_C='<how to correct or work around the problem, if known (multiple lines)>' > > >-cat > $TEMP <<EOF >+cat > "$TEMP" <<EOF > SEND-PR: -*- send-pr -*- > SEND-PR: Lines starting with \`SEND-PR' will be removed automatically, as > SEND-PR: will all comments (text enclosed in \`<' and \`>'). >@@ -171,12 +163,12 @@ > $FIX_C > EOF > >-chmod u+w $TEMP >-cp $TEMP $TEMPx >+chmod u+w "$TEMP" >+cp "$TEMP" "$TEMPx" > >-eval $EDIT $TEMP >+eval $EDIT "$TEMP" > >-if cmp -s $TEMP $TEMPx; then >+if cmp -s "$TEMP" "$TEMPx"; then > echo "File not changed, no bug report submitted." > exit 1 > fi >@@ -205,7 +197,7 @@ > # 1) Severity > # > PATTERN=">Severity:" >- SEVERITY=`eval sed -n -e "\"$SED_CMD\"" $TEMP` >+ SEVERITY=`eval sed -n -e "\"$SED_CMD\"" "$TEMP"` > case "$SEVERITY" in > ""|non-critical|serious|critical) CNT=`expr $CNT + 1` ;; > *) echo "$COMMAND: \`$SEVERITY' is not a valid value for \`Severity'." >@@ -214,7 +206,7 @@ > # 2) Priority > # > PATTERN=">Priority:" >- PRIORITY=`eval sed -n -e "\"$SED_CMD\"" $TEMP` >+ PRIORITY=`eval sed -n -e "\"$SED_CMD\"" "$TEMP"` > case "$PRIORITY" in > ""|low|medium|high) CNT=`expr $CNT + 1` ;; > *) echo "$COMMAND: \`$PRIORITY' is not a valid value for \`Priority'." >@@ -223,7 +215,7 @@ > # 3) Class > # > PATTERN=">Class:" >- CLASS=`eval sed -n -e "\"$SED_CMD\"" $TEMP` >+ CLASS=`eval sed -n -e "\"$SED_CMD\"" "$TEMP"` > case "$CLASS" in > ""|sw-bug|doc-bug|change-request|support) CNT=`expr $CNT + 1` ;; > *) echo "$COMMAND: \`$CLASS' is not a valid value for \`Class'." >@@ -238,11 +230,11 @@ > case "$input" in > a*) > echo "$COMMAND: problem report saved in $HOME/dead.glibcbug." >- cat $TEMP >> $HOME/dead.glibcbug >+ cat "$TEMP" >> $HOME/dead.glibcbug > xs=1; exit > ;; > e*) >- eval $EDIT $TEMP >+ eval $EDIT "$TEMP" > continue 2 > ;; > s*) >@@ -269,15 +261,15 @@ > /^>Description:/,/^>[A-Za-z-]*:/s;$DESCRIPTION_C;; > /^>How-To-Repeat:/,/^>[A-Za-z-]*:/s;$HOW_TO_REPEAT_C;; > /^>Fix:/,/^>[A-Za-z-]*:/s;$FIX_C;; >-" $TEMP > $TEMPx >+" "$TEMP" > "$TEMPx" > >-if $MAIL_AGENT < $TEMPx; then >+if $MAIL_AGENT < "$TEMPx"; then > echo "$COMMAND: problem report sent" > xs=0; exit > else > echo "$COMMAND: mysterious mail failure, report not sent." > echo "$COMMAND: problem report saved in $HOME/dead.glibcbug." >- cat $TEMP >> $HOME/dead.glibcbug >+ cat "$TEMP" >> $HOME/dead.glibcbug > fi > > exit 0 >diff -ur glibc-2.3.2.orig/libio/oldtmpfile.c glibc-2.3.2/libio/oldtmpfile.c >--- glibc-2.3.2.orig/libio/oldtmpfile.c 2002-04-08 09:02:09.000000000 +0200 >+++ glibc-2.3.2/libio/oldtmpfile.c 2004-09-20 11:10:43.000000000 +0200 >@@ -35,7 +35,7 @@ > int fd; > FILE *f; > >- if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0)) >+ if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1)) > return NULL; > fd = __gen_tempname (buf, __GT_FILE); > if (fd < 0) >diff -ur glibc-2.3.2.orig/sysdeps/generic/tmpfile.c glibc-2.3.2/sysdeps/generic/tmpfile.c >--- glibc-2.3.2.orig/sysdeps/generic/tmpfile.c 2002-06-12 22:57:46.000000000 +0200 >+++ glibc-2.3.2/sysdeps/generic/tmpfile.c 2004-09-20 11:10:43.000000000 +0200 >@@ -43,7 +43,7 @@ > int fd; > FILE *f; > >- if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0)) >+ if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1)) > return NULL; > fd = __gen_tempname (buf, GEN_THIS); > if (fd < 0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=41097">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 66358
:
41097
|
41123
|
41157
|
41323
