authorHans de Graaff <graaff@gentoo.org>2008-02-29 15:31:50 +0000
committerHans de Graaff <graaff@gentoo.org>2008-02-29 15:31:50 +0000
commit8026a47cca78f9f16e02e50e8d3b4a5878405abe (patch)
tree4751ebd0da74897f18c61b49e5e28cb8262d26b3 /dev-lang/wml/files
parentalpha/ia64/sparc/x86 stable (diff)
Fix insecure tmpfile usage #209927
(Portage version: 2.1.4.4)
Diffstat (limited to 'dev-lang/wml/files')
-rw-r--r--dev-lang/wml/files/wml-2.0.11-tmpfile.patch68
1 files changed, 68 insertions, 0 deletions
diff --git a/dev-lang/wml/files/wml-2.0.11-tmpfile.patch b/dev-lang/wml/files/wml-2.0.11-tmpfile.patch
new file mode 100644
index 000000000000..d8cfccd9e442
--- /dev/null
+++ b/dev-lang/wml/files/wml-2.0.11-tmpfile.patch
@@ -0,0 +1,68 @@
+This patch fixes insecure tmpfile usage as mentioned in #209927. It is
+essentially the debian patch mentioned in that bug report.
+
+diff -u wml-2.0.11/wml_contrib/wmg.cgi wml-2.0.11/wml_contrib/wmg.cgi
+--- wml-2.0.11/wml_contrib/wmg.cgi
++++ wml-2.0.11/wml_contrib/wmg.cgi
+@@ -366,14 +366,7 @@
+ ($w, $h, $t) = Image::Size::imgsize(\$contents);
+ if ($w*$h == 1) {
+ # read image into GD
+- $tmpfile = "/tmp/pe.tmp.$$";
+- unlink($tmpfile);
+- open(TMP, ">$tmpfile");
+- print TMP $contents;
+- close(TMP);
+- open(TMP, "<$tmpfile");
+- $tmpimg = newFromGif GD::Image(TMP);
+- close(TMP);
++ $tmpimg = newFromGifData GD::Image($contents);
+ unlink($tmpfile);
+ if ($tmpimg->transparent != -1) {
+ my $im = new GD::Image($w, $h);
+diff -u wml-2.0.11/wml_backend/p1_ipp/ipp.src wml-2.0.11/wml_backend/p1_ipp/ipp.src
+--- wml-2.0.11/wml_backend/p1_ipp/ipp.src 2005-12-01 18:50:13.000000000 +0100
++++ wml-2.0.11/wml_backend/p1_ipp/ipp.src 2008-02-29 16:06:15.000000000 +0100
+@@ -17,6 +17,7 @@
+ use Getopt::Long 2.13;
+ use IO::Handle 1.15;
+ use IO::File 1.06;
++use File::Temp qw/ mkdtemp /;
+
+ #
+ # help functions
+@@ -564,8 +565,8 @@
+ #
+ # process the pre-loaded include files
+ #
+-$tmpdir = $ENV{'TMPDIR'} || '/tmp';
+-$tmpfile = $tmpdir . "/ipp.$$.tmp";
++my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
++$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";$tmpfile = $tmpdir . "/ipp.$$.tmp";
+ unlink($tmpfile);
+ $tmp = new IO::File;
+ $tmp->open(">$tmpfile") || error("cannot write into $tmpfile: $!");
+--- wml-2.0.11.orig/wml_backend/p3_eperl/eperl_sys.c
++++ wml-2.0.11/wml_backend/p3_eperl/eperl_sys.c
+@@ -211,13 +211,20 @@
+ {
+ char ca[1024];
+ char *cp, *tmpdir;
++ char tmpfile[] = "eperl_sourceXXXXXX";
+ int i;
++ int fd = -1;
+
+ tmpdir = getenv ("TMPDIR");
+ if (tmpdir == (char *) NULL)
+ tmpdir="/tmp";
+
+- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
++ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
++ if ((fd = mkstemp(ca)) == -1) {
++ perror("Cannot create tmpfile");
++ return NULL;
++ }
++ close(fd);
+ ca[sizeof(ca)-1] = NUL;
+ cp = strdup(ca);
+ for (i = 0; mytmpfiles[i] != NULL; i++)
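Review bot: In the eperl_sys.c part, the descriptor returned by `mkstemp(ca)` is closed immediately and only the path is kept (`cp = strdup(ca)`), so the race-free creation protects the file only if nobody else can replace that path before it is reopened by name. That holds in a sticky or private directory, but `tmpdir` is taken from the TMPDIR environment variable, so the assumption should be stated next to the call: `/* file now exists, created by mkstemp with mode 0600; callers must reopen it by name without unlinking it first, and TMPDIR must be sticky or private */`. The function body continues past the end of the hunk, so how the stored path is opened later is not visible here. Separately, the wmg.cgi part keeps `unlink($tmpfile);` as a context line after the code that assigned `$tmpfile` was removed; that line now acts on an unset or stale value and should be dropped too.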