| Summary: | zdiff bug in gzip-1.3.5-r2 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michael Moen <mi-gentoo> |
| Component: | New packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Michael Moen
2004-11-06 09:48:54 UTC
gzip-r4 in the tree. No patch for this. Remains problem (security bug?) hi,
i guess, the problem is here:
line 37:
tmp=`tempfile -d /tmp -p gz` || {
...
this actually _creates_ a temporary file...
and this behaviour of tempfile is the reason, why
line 53:
gzip -cdfq "$2" > $tmp || exit
(correctly) refuses to extract to an existing file...
solution:
one could unlink the tempfile after creating it with tempfile
note, that this solution would introduce (theoretically) a race condition...
(an attacker knows the tempfilename after unlinking and _before_ actually writing to that file)
as gzip refuses to extract, if the file already exists, i guess this would be a
good solution anyways...
further comments?
best regards
florian
fixed in 1.3.5-r4 Still does not work when comparing 2 gzipped files. zdiff mysql-2004-11-13-170003.sql.gz mysql-2004-12-08-140005.sql.gz /bin/zdiff: line 51: /tmp/mysql2004-12-08-140005.sql.gz.52jbkt: cannot overwrite existing file And now that gzip-1.3.5-r1 has been removed from the tree I don't have a working version of gzip. fixed in gzip-1.3.5-r5 Confirmed fixed in gzip-1.3.5-r5 |
