components/hplip/patches/05_Bug17406738.patch
author Mohana Rao Gorai <mohana.gorai@oracle.com>
Tue, 15 Apr 2014 22:24:44 -0700
branchs11u1-sru
changeset 3075 a27acdae98ec
permissions -rw-r--r--
17406738 problem in UTILITY/HPLIP

Description: fix for CVE-2013-0200 (insecure temporary files)
Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701185
Original Bug: https://bugzilla.redhat.com/show_bug.cgi?id=902163

-----------------------------------------------------------------------
--- a/prnt/hpcups/SystemServices.cpp	Tue Apr 10 01:32:37 2012
+++ b/prnt/hpcups/SystemServices.cpp	Tue Jan 28 03:22:40 2014
@@ -36,9 +36,12 @@
     m_fp = NULL;
     if (iLogLevel & SAVE_PCL_FILE)
     {
-        char    fname[32];
-        sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
-        m_fp = fopen(fname, "w");
+        char    fname[40];
+        int fd;
+        sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
+        fd = mkstemp (fname);
+        if (fd != -1)
+            m_fp = fdopen(fd, "w");
         chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
     }
 }
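Review bot: The `chmod(fname, ...)` after the new `mkstemp` block still runs unconditionally and by path name, so when `mkstemp` fails it is applied to whatever `fname` then names rather than to a file this code created. Moving the mode change onto the descriptor inside the success branch removes that: `if (fd != -1) { fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); m_fp = fdopen(fd, "w"); }`. The mode also widens the 0600 that `mkstemp` gives the file to group- and world-readable for a dump of job output; if nothing else has to read it, `S_IRUSR | S_IWUSR` alone would do. Both `chmod (szFileName, ...)` calls in the HPCupsFilter.cpp hunk have the same shape. The enclosing function starts above the hunk.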
--- a/prnt/hpijs/hpijs.cpp	Tue Apr 10 01:32:39 2012
+++ b/prnt/hpijs/hpijs.cpp	Tue Jan 28 03:20:35 2014
@@ -97,12 +97,13 @@
     if (pSS->m_iLogLevel & SAVE_PCL_FILE)
     {
         char    szFileName[32];
-	sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
-	pSS->outfp = fopen (szFileName, "w");
-	if (pSS->outfp)
-	{
-	    chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-	}
+        int fd;
+        sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
+        fd = mkstemp (szFileName);
+        if (fd != -1)
+            pSS->outfp = fdopen (fd, "w");
+        if (pSS->outfp)
+            chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
     }
 }
 
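Review bot: `szFileName` stays at 32 bytes although the template grew by seven characters and is still written with an unbounded `sprintf`; the other two files in this patch enlarged their buffers. The fixed part of the name is 22 characters, which leaves room for a nine-digit pid plus the terminator, while `%d` can produce more than that for an `int`. Suggest `char    szFileName[40];` and `snprintf (szFileName, sizeof(szFileName), "/tmp/hpijs_%d.out.XXXXXX", getpid());`. The enclosing function starts above the hunk.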
--- a/prnt/hpcups/HPCupsFilter.cpp	Tue Jan 28 03:06:22 2014
+++ b/prnt/hpcups/HPCupsFilter.cpp	Tue Jan 28 03:17:49 2014
@@ -602,20 +602,25 @@
 
         if (m_iLogLevel & SAVE_INPUT_RASTERS)
         {
-            char    szFileName[32];
+            char    szFileName[44];
             memset(szFileName, 0, sizeof(szFileName));
-            snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
+			snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
             if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
                 cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
             {
-                cfp = fopen (szFileName, "w");
+				int fd = mkstemp (szFileName);
+				if (fd != -1)
+					cfp = fdopen (fd, "w");
                 chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
             }
             if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
                 cups_header.cupsColorSpace == CUPS_CSPACE_K)
             {
-                szFileName[17] = 'k';
-                kfp = fopen (szFileName, "w");
+				int fd;
+				snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
+				fd = mkstemp (szFileName);
+				if (fd != -1)
+					kfp = fdopen (fd, "w");
                 chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
             }
             WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);
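Review bot: On `mkstemp` failure `cfp` and `kfp` are now left unassigned, where the removed `fopen` lines always stored a result (NULL on failure), and `cfp` is then passed to `WriteBMPHeader` at the end of the hunk. Whether both pointers are set to NULL earlier in the function is not visible here; if they are not, the failure path uses a stale or indeterminate pointer. Assigning in both cases keeps the old behaviour: `cfp = (fd != -1) ? fdopen (fd, "w") : NULL;` and likewise for `kfp`. The function starts and ends outside the hunk.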