mykola/freebsd-ports
1
0
Fork 0
forked from Lainports/freebsd-ports
Code Pull requests Activity
freebsd-ports/textproc/scrollkeeper/files/patch-security
Joe Marcus Clarke f2ee099462 Fix two long-standing bugs where scrollkeeper would overwrite the 
SGML catalogs in favor of its own XML format catalogs as well as prevent
scrollkeeper from making HTTP connections to obtain DTDs for OMF
validation.

PR:	39504 46179
Tested by:	Stephen Hilton <nospam@hiltonbsd.com>
		Mezz bsdforums.org <reigncracks@hotmail.com>
2003-01-20 00:30:26 +00:00

142 lines
4.1 KiB
Text
Raw Blame History

This patch fixes a security issue in scrollkeeper. It will be integrated
into the next release.
--- cl/src/get-cl.c 2002/02/25 08:23:14 1.18
+++ cl/src/get-cl.c 2002/09/22 07:13:59 1.19
@@ -27,6 +27,7 @@
#include <unistd.h>
#include <sys/stat.h>
#include <locale.h>
+#include <fcntl.h>
/* cycles through five temporary filenames of the form /tmp/scrollkeeper-templfile.x,
where x is number from 0 to 4 and returns the first one that does not exist or the
@@ -35,7 +36,7 @@
static char *get_next_free_temp_file_path(char outputprefs)
{
char path[PATHLEN], *filename;
- int i, num;
+ int i, num, fd;
struct stat buf;
time_t prev;
@@ -82,6 +83,17 @@
check_ptr(filename, "scrollkeeper-get-cl");
snprintf(filename, PATHLEN, "/tmp/scrollkeeper-tempfile.%d", num);
+ unlink(filename);
+
+ fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_TRUNC | O_NONBLOCK,
+ S_IRWXU | S_IRGRP | S_IROTH);
+
+ if (fd < 0) {
+ fprintf (stderr, _("scrollkeeper-get-cl: Cannot open temp file: %s\n"), filename);
+ exit (EXIT_FAILURE);
+ }
+ close(fd);
+
return filename;
}
--- libs/extract.c.orig Wed Jul 24 22:25:34 2002
+++ libs/extract.c Thu Jan 16 01:39:54 2003
@@ -43,16 +43,18 @@
int i;
int returnval = 1;
FILE *fid;
+ struct stat buf;
#ifndef SOLARIS
char line[1024], *start, *end;
int num;
FILE *res_fid;
char *doctype;
char command[1024];
- pid_t pid;
char temp1[PATHLEN], temp2[PATHLEN], errors[PATHLEN];
+ int temp1_fd, temp2_fd, errors_fd;
#endif
- struct stat buf;
+
+ setenv("XML_CATALOG_FILES", SK_XML_CATALOGS, 1);
if (input_file == NULL ||
stylesheets == NULL ||
@@ -69,11 +71,23 @@
#ifdef SOLARIS
doc = docbParseFile(input_file, NULL);
#else
- pid = getpid();
-
- snprintf(temp1, PATHLEN, "/var/tmp/scrollkeeper-extract-1-%ld.xml", (long)pid);
- snprintf(temp2, PATHLEN, "/var/tmp/scrollkeeper-extract-2-%ld.xml", (long)pid);
- snprintf(errors, PATHLEN, "/var/tmp/scrollkeeper-extract-errors-%ld", (long)pid);
+ snprintf(temp1, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-1.xml.XXXXXX");
+ snprintf(temp2, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-2.xml.XXXXXX");
+ snprintf(errors, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-errors.XXXXXX");
+
+ temp1_fd = mkstemp(temp1);
+ printf ("%s\n", temp1);
+ if (temp1_fd == -1) {
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp1, strerror(errno));
+ return 0;
+ }
+
+ errors_fd = mkstemp(errors);
+ if (errors_fd == -1) {
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),errors, strerror(errno));
+ return 0;
+ }
+ close(errors_fd);
snprintf(command, 1024, "sgml2xml -xlower -f%s %s > %s", errors, input_file, temp1);
system(command);
@@ -83,6 +97,7 @@
fid = fopen(input_file, "r");
if (fid == NULL) {
sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot read file: %s : %s\n"),input_file, strerror(errno));
+ close(temp1_fd);
return 0;
}
@@ -106,14 +121,25 @@
}
if (doctype == NULL) {
+ close(temp1_fd);
unlink(temp1);
return 0;
}
-
- fid = fopen(temp1, "r");
- res_fid = fopen(temp2, "w");
+
+ temp2_fd = mkstemp(temp2);
+ if (temp2_fd == -1) {
+ close(temp1_fd);
+ unlink(temp1);
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp2, strerror(errno));
+ return 0;
+ }
+
+ fid = fdopen(temp1_fd, "r");
+ res_fid = fdopen(temp2_fd, "w");
if (fid == NULL || res_fid == NULL) {
+ close(temp1_fd);
unlink(temp1);
+ close(temp2_fd);
unlink(temp2);
return 0;
}
--- libs/Makefile.in.orig Thu Jan 16 01:38:23 2003
+++ libs/Makefile.in Thu Jan 16 01:47:46 2003
@@ -130,7 +130,9 @@
INCLUDES = \
$(XML_CFLAGS) \
$(XSLT_CFLAGS) \
- $(HOST_TYPE)
+ $(HOST_TYPE) \
+ -DSCROLLKEEPER_STATEDIR=\""$(localstatedir)"\" \
+ -DSK_XML_CATALOGS=\""%%LOCALBASE%%/share/sk/catalog %%LOCALBASE%%/share/sk/docbook/catalog"\"
libscrollkeeper_la_SOURCES = \
View git blame Copy permalink