| Summary: | sys-apps/sharutils | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Daniel Ahlberg (RETIRED) <aliz> |
| Component: | New packages | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | ||
| Priority: | Lowest | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Daniel Ahlberg (RETIRED)
2002-10-29 05:21:47 UTC
Proposed patches:
--- sharutils-4.2.1/src/uudecode.c.orig Sat Apr 13 01:26:31 2002
+++ sharutils-4.2.1/src/uudecode.c Sat Apr 13 01:30:32 2002
@@ -81,6 +81,9 @@
/* Single character decode. */
#define DEC(Char) (((Char) - ' ') & 077)
+#if !defined S_ISLNK && defined S_IFLNK
+# define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+#endif
static int
read_stduu (inname)
@@ -279,6 +282,7 @@
char buf[2 * BUFSIZ];
char *outname;
int do_base64 = 0;
+ struct stat attr;
/* Search for header line. */
@@ -337,6 +341,23 @@
}
}
+ /* Check out file if it exists */
+ if (strcmp (outname, "/dev/stdout") != 0 && strcmp (outname, "-") != 0
+ && !access(outname, F_OK)) {
+ if (lstat(outname, &attr) == -1) {
+ error (0, errno, _("cannot access %s"), outname);
+ return 1;
+ }
+ if (S_ISFIFO(attr.st_mode)){
+ error (0, errno, _("denied writing FIFO (%s)"), outname);
+ return 1;
+ }
+ if (S_ISLNK(attr.st_mode)) {
+ error (0, errno, _("not following symlink (%s)"), outname);
+ return 1;
+ }
+ }
+
/* Create output file and set mode. */
if (strcmp (outname, "/dev/stdout") != 0 && strcmp (outname, "-") != 0
--- sharutils-4.2.1/src/mailshar.in.orig Fri May 11 21:45:29 2001
+++ sharutils-4.2.1/src/mailshar.in Fri May 11 21:50:40 2001
@@ -33,7 +33,11 @@
If none of -MTBzZ are given, -z is automatically selected if *none*
of the FILEs have an .arc, .exz, .gif, .z, .gz, .Z, .zip or .zoo suffix."
-temp=/usr/tmp/$$.shar
+temp=`mktemp -q /tmp/$0.XXXXXX`
+if [ $? -ne 0 ]; then
+ echo "$0: Can't create temp file, exiting..."
+ exit 1
+fi
### Decode the options.
|