cvs commit: patches/rcs rcs-5.7-security-1.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Sun Oct 5 15:14:14 PDT 2003


jim         03/10/05 16:14:14

  Added:       rcs      rcs-5.7-security-1.patch
  Log:
  Added: rcs-5.7-security-1.patch
  
  Revision  Changes    Path
  1.1                  patches/rcs/rcs-5.7-security-1.patch
  
  Index: rcs-5.7-security-1.patch
  ===================================================================
  Submitted By: Jim Gifford (jim at linuxfromscratch dot org)
  Date: 2003-09-29
  Initial Package Version: 5.7
  Origin: Mandrake CVS
  Description: Fixes Temp File Security Issue
   
  diff -Naur rcs-5.7.orig/src/rcsfnms.c rcs-5.7/src/rcsfnms.c
  --- rcs-5.7.orig/src/rcsfnms.c	1995-06-16 06:19:24.000000000 +0000
  +++ rcs-5.7/src/rcsfnms.c	2003-09-29 19:58:14.000000000 +0000
  @@ -258,19 +258,57 @@
   };
   
   #if has_mktemp
  +static char	tmppath[1024];
  +
  +	static void
  +tmpcleanup()
  +{
  +	/* For now, assume that all temp files get
  +	 * removed before we are invoked */
  +	rmdir(tmppath);
  +}
  +
   	static char const *tmp P((void));
   	static char const *
   tmp()
   /* Yield the name of the tmp directory.  */
   {
  -	static char const *s;
  -	if (!s
  -		&&  !(s = cgetenv("TMPDIR"))	/* Unix tradition */
  +	const char	*s;
  +
  +	if (tmppath[0])
  +		return tmppath;
  +
  +	if (!(s = cgetenv("TMPDIR"))		/* Unix tradition */
   		&&  !(s = cgetenv("TMP"))	/* DOS tradition */
   		&&  !(s = cgetenv("TEMP"))	/* another DOS tradition */
   	)
   		s = TMPDIR;
  -	return s;
  +
  +	if (strlen(s) > sizeof(tmppath) - 11)
  +		s = TMPDIR;
  +
  +#if defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2, 2)
  +	snprintf(tmppath, sizeof(tmppath), "%s/rcsXXXXXX", s);
  +	if (!mkdtemp(tmppath) || !tmppath[0])
  +		goto failed;
  +#else
  +	while (1) {
  +		snprintf(tmppath, sizeof(tmppath), "%s/rcsXXXXXX", s);
  +		if (!mktemp(tmppath) || !tmppath[0])
  +			goto failed;
  +		if (mkdir(tmppath, 0700) >= 0)
  +			break;
  +		if (errno != EEXIST)
  +			goto failed;
  +	}
  +#endif
  +
  +	atexit(tmpcleanup);
  +	return tmppath;
  +
  +failed:
  +	perror("Unable to create temp directory");
  +	exit(123);
   }
   #endif
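Review bot: The guard `#if defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2, 2)` in tmp() does not preprocess on a C library that leaves the macro undefined, because the right-hand operand is still parsed and becomes `0(2, 2)`; the test has to be nested so that the mktemp()/mkdir() fallback is actually reachable on those systems. Separately, tmpcleanup() discards the result of rmdir(), so any temp file that was not removed first leaves the private directory behind silently. An atexit() handler also does not run when the process ends through a signal or `_exit()`, and whether RCS's own cleanup path covers that case is not visible in this hunk. The hunk adds no includes, so it is worth confirming that declarations for mkdtemp(), mkdir() and errno are already in scope in rcsfnms.c.

```c
/* Placed ahead of tmp(); the macro name is only a suggestion. */
#if defined(__GLIBC_PREREQ)
# if __GLIBC_PREREQ(2, 2)
#  define RCS_HAVE_MKDTEMP 1
# endif
#endif

/* ... unchanged: tmppath, tmpcleanup(), env lookup and length check ... */
#ifdef RCS_HAVE_MKDTEMP
	/* ... unchanged: snprintf + mkdtemp ... */
#else
	/* ... unchanged: mktemp/mkdir retry loop ... */
#endif
```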
   
  
  
  


