Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 44698 Details for
Bug 71595
dev-util/cscope: Race condition on temporary file
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CAN-2004-0996.patch
CAN-2004-0996.patch (text/plain), 1.68 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2004-11-25 01:49:53 UTC
(
hide
)
Description:
CAN-2004-0996.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2004-11-25 01:49:53 UTC
Size:
1.68 KB
patch
obsolete
>diff -u cscope-15.3/debian/changelog cscope-15.3/debian/changelog >--- cscope-15.3/debian/changelog >+++ cscope-15.3/debian/changelog >@@ -1,3 +1,11 @@ >+cscope (15.3-1woody2) stable-security; urgency=high >+ >+ * Non-maintainer upload by the Security Team >+ * Applied adjusted patch by Gerardo Di Giacomo to fix insecure temporary >+ file creation [src/main.c, CAN-2004-0996] >+ >+ -- Martin Schulze <joey@infodrom.org> Wed, 24 Nov 2004 20:42:14 +0100 >+ > cscope (15.3-1) unstable; urgency=low > > * New upstream release. (Thanks to GOTO Masanori for the notification). >only in patch2: >unchanged: >--- cscope-15.3.orig/src/main.c >+++ cscope-15.3/src/main.c >@@ -336,9 +336,32 @@ > } > > /* create the temporary file names */ >- pid = getpid(); >- (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid); >- (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid); >+ do { >+ char *tempfile = tempnam(tmpdir, "cscope1"); >+ if (!tempfile) { >+ fprintf (stderr, "Can't create tempfile\n"); >+ exit(1); >+ } >+ if (strlen(tempfile) >= sizeof(temp1)) { >+ fprintf (stderr, "TMPDIR path is too long\n"); >+ exit(1); >+ } >+ strncpy (temp1, tempfile, sizeof (temp1)); >+ free (tempfile); >+ } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0); >+ do { >+ char *tempfile = tempnam(tmpdir, "cscope2"); >+ if (!tempfile) { >+ fprintf (stderr, "Can't create tempfile\n"); >+ exit(1); >+ } >+ if (strlen(tempfile) >= sizeof(temp2)) { >+ fprintf (stderr, "TMPDIR path is too long\n"); >+ exit(1); >+ } >+ strncpy (temp2, tempfile, sizeof (temp2)); >+ free (tempfile); >+ } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0); > > /* if running in the foreground */ > if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 71595
:
44199
|
44571
| 44698 |
45208
|
45342
|
45463