components/hplip/patches/05_Bug17406738.patch
branchs11u1-sru
changeset 3075 a27acdae98ec
equal deleted inserted replaced
3074:17fef665b819 3075:a27acdae98ec
       
     1 Description: fix for CVE-2013-0200 (insecure temporary files)
       
     2 Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701185
       
     3 Original Bug: https://bugzilla.redhat.com/show_bug.cgi?id=902163
       
     4 
       
     5 -----------------------------------------------------------------------
       
     6 --- a/prnt/hpcups/SystemServices.cpp	Tue Apr 10 01:32:37 2012
       
     7 +++ b/prnt/hpcups/SystemServices.cpp	Tue Jan 28 03:22:40 2014
       
     8 @@ -36,9 +36,12 @@
       
     9      m_fp = NULL;
       
    10      if (iLogLevel & SAVE_PCL_FILE)
       
    11      {
       
    12 -        char    fname[32];
       
    13 -        sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
       
    14 -        m_fp = fopen(fname, "w");
       
    15 +        char    fname[40];
       
    16 +        int fd;
       
    17 +        sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
       
    18 +        fd = mkstemp (fname);
       
    19 +        if (fd != -1)
       
    20 +            m_fp = fdopen(fd, "w");
       
    21          chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
       
    22      }
       
    23  }
       
    24 --- a/prnt/hpijs/hpijs.cpp	Tue Apr 10 01:32:39 2012
       
    25 +++ b/prnt/hpijs/hpijs.cpp	Tue Jan 28 03:20:35 2014
       
    26 @@ -97,12 +97,13 @@
       
    27      if (pSS->m_iLogLevel & SAVE_PCL_FILE)
       
    28      {
       
    29          char    szFileName[32];
       
    30 -	sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
       
    31 -	pSS->outfp = fopen (szFileName, "w");
       
    32 -	if (pSS->outfp)
       
    33 -	{
       
    34 -	    chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
       
    35 -	}
       
    36 +        int fd;
       
    37 +        sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
       
    38 +        fd = mkstemp (szFileName);
       
    39 +        if (fd != -1)
       
    40 +            pSS->outfp = fdopen (fd, "w");
       
    41 +        if (pSS->outfp)
       
    42 +            chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
       
    43      }
       
    44  }
       
    45  
       
    46 --- a/prnt/hpcups/HPCupsFilter.cpp	Tue Jan 28 03:06:22 2014
       
    47 +++ b/prnt/hpcups/HPCupsFilter.cpp	Tue Jan 28 03:17:49 2014
       
    48 @@ -602,20 +602,25 @@
       
    49  
       
    50          if (m_iLogLevel & SAVE_INPUT_RASTERS)
       
    51          {
       
    52 -            char    szFileName[32];
       
    53 +            char    szFileName[44];
       
    54              memset(szFileName, 0, sizeof(szFileName));
       
    55 -            snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
       
    56 +			snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
       
    57              if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
       
    58                  cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
       
    59              {
       
    60 -                cfp = fopen (szFileName, "w");
       
    61 +				int fd = mkstemp (szFileName);
       
    62 +				if (fd != -1)
       
    63 +					cfp = fdopen (fd, "w");
       
    64                  chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
       
    65              }
       
    66              if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
       
    67                  cups_header.cupsColorSpace == CUPS_CSPACE_K)
       
    68              {
       
    69 -                szFileName[17] = 'k';
       
    70 -                kfp = fopen (szFileName, "w");
       
    71 +				int fd;
       
    72 +				snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
       
    73 +				fd = mkstemp (szFileName);
       
    74 +				if (fd != -1)
       
    75 +					kfp = fdopen (fd, "w");
       
    76                  chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
       
    77              }
       
    78              WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);