author | Rich Burridge <rich.burridge@oracle.com> |
Tue, 13 Sep 2016 14:01:54 -0700 | |
changeset 6897 | 95d141a9085b |
permissions | -rw-r--r-- |
6897
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
Fix CVE-2001-1593 |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
|
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
3 |
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593 |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2001-1593 |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
5 |
for more details. |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
6 |
|
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
7 |
Index: b/lib/routines.c |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
8 |
=================================================================== |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
--- a/lib/routines.c |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
+++ b/lib/routines.c |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
11 |
@@ -242,3 +242,50 @@ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
/* Don't complain if you can't unlink. Who cares of a tmp file? */ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
13 |
unlink (filename); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
14 |
} |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
15 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
16 |
+/* |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
17 |
+ * Securely generate a temp file, and make sure it gets |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
18 |
+ * deleted upon exit. |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
19 |
+ */ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
20 |
+static char ** tempfiles; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
21 |
+static unsigned ntempfiles; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
22 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
23 |
+static void |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
24 |
+cleanup_tempfiles() |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
25 |
+{ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
26 |
+ while (ntempfiles--) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
27 |
+ unlink(tempfiles[ntempfiles]); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
28 |
+} |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
29 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
30 |
+char * |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
31 |
+safe_tempnam(const char *pfx) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
32 |
+{ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
33 |
+ char *dirname, *filename; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
34 |
+ int fd; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
35 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
36 |
+ if (!(dirname = getenv("TMPDIR"))) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
37 |
+ dirname = "/tmp"; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
38 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
39 |
+ tempfiles = (char **) realloc(tempfiles, |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
40 |
+ (ntempfiles+1) * sizeof(char *)); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
41 |
+ if (tempfiles == NULL) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
42 |
+ return NULL; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
43 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
44 |
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX")); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
45 |
+ if (!filename) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
46 |
+ return NULL; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
47 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
48 |
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
49 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
50 |
+ if ((fd = mkstemp(filename)) < 0) { |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
51 |
+ free(filename); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
52 |
+ return NULL; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
53 |
+ } |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
54 |
+ close(fd); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
55 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
56 |
+ if (ntempfiles == 0) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
57 |
+ atexit(cleanup_tempfiles); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
58 |
+ tempfiles[ntempfiles++] = filename; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
59 |
+ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
60 |
+ return filename; |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
61 |
+} |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
62 |
Index: b/lib/routines.h |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
63 |
=================================================================== |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
64 |
--- a/lib/routines.h |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
65 |
+++ b/lib/routines.h |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
66 |
@@ -255,7 +255,8 @@ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
67 |
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
68 |
#define tempname_ensure(Str) \ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
69 |
do { \ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
70 |
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
71 |
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \ |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
72 |
} while (0) |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
73 |
+char * safe_tempnam(const char *); |
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
74 |
|
95d141a9085b
22834809 a2ps should be 64-bit
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
75 |
#endif |