Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 41123 Details for
Bug 66358
sys-libs/glibc: Insecure tempfile handling
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
glibc-2.3.3-tempfile.patch
glibc-2.3.3-tempfile.patch (text/plain), 1.75 KB, created by
Luke Macken (RETIRED)
on 2004-10-04 22:43:44 UTC
(
hide
)
Description:
glibc-2.3.3-tempfile.patch
Filename:
MIME Type:
Creator:
Luke Macken (RETIRED)
Created:
2004-10-04 22:43:44 UTC
Size:
1.75 KB
patch
obsolete
>--- glibc-2.3.2.orig/debug/catchsegv.sh 2004-10-05 01:25:30.683814576 -0400 >+++ glibc-2.3.2/debug/catchsegv.sh 2004-10-05 01:26:57.567606232 -0400 >@@ -49,9 +49,7 @@ > esac > fi > >-segv_output=`basename "$prog"`.segv.$$ >-# Make sure this output file does not exist. >-rm -f "$segv_output" >+segv_output=`mktemp \`basename "$prog".segv.XXXXXX\`` || exit 1 > > # Redirect stderr to avoid termination message from shell. > (exec 3>&2 2>/dev/null >@@ -64,7 +62,7 @@ > # Check for output. Even if the program terminated correctly it might > # be that a minor process (clone) failed. Therefore we do not check the > # exit code. >-if test -f "$segv_output"; then >+if test -s "$segv_output"; then > # The program caught a signal. The output is in the file with the > # name we have in SEGFAULT_OUTPUT_NAME. In the output the names of > # functions in shared objects are available, but names in the static >@@ -101,7 +99,7 @@ > ;; > esac > done) >- rm -f "$segv_output" > fi >+rm -f "$segv_output" > > exit $exval >--- glibc-2.3.2.orig/libio/oldtmpfile.c 2004-10-05 01:25:31.045759552 -0400 >+++ glibc-2.3.2/libio/oldtmpfile.c 2004-10-05 01:27:55.304828840 -0400 >@@ -36,7 +36,7 @@ > int fd; > FILE *f; > >- if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0)) >+ if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1)) > return NULL; > fd = __gen_tempname (buf, __GT_FILE); > if (fd < 0) >--- glibc-2.3.2.orig/sysdeps/generic/tmpfile.c 2004-10-05 01:25:40.103382584 -0400 >+++ glibc-2.3.2/sysdeps/generic/tmpfile.c 2004-10-05 01:28:55.235717960 -0400 >@@ -43,7 +43,7 @@ > int fd; > FILE *f; > >- if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0)) >+ if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1)) > return NULL; > fd = __gen_tempname (buf, GEN_THIS); > if (fd < 0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=41123">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 66358
:
41097
| 41123 |
41157
|
41323
