mykola/freebsd-ports
1
0
Fork 0
forked from Lainports/freebsd-ports
Code Pull requests Activity
freebsd-ports/textproc/scrollkeeper/files/patch-security

139 lines
4 KiB
Text
Raw Blame History

This patch fixes a security issue in scrollkeeper. It will be integrated
into the next release.
--- cl/src/get-cl.c 2002/02/25 08:23:14 1.18
+++ cl/src/get-cl.c 2002/09/22 07:13:59 1.19
@@ -27,6 +27,7 @@
#include <unistd.h>
#include <sys/stat.h>
#include <locale.h>
+#include <fcntl.h>
/* cycles through five temporary filenames of the form /tmp/scrollkeeper-templfile.x,
where x is number from 0 to 4 and returns the first one that does not exist or the
@@ -35,7 +36,7 @@
static char *get_next_free_temp_file_path(char outputprefs)
{
char path[PATHLEN], *filename;
- int i, num;
+ int i, num, fd;
struct stat buf;
time_t prev;
@@ -82,6 +83,17 @@
check_ptr(filename, "scrollkeeper-get-cl");
snprintf(filename, PATHLEN, "/tmp/scrollkeeper-tempfile.%d", num);
+ unlink(filename);
+
+ fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_TRUNC | O_NONBLOCK,
+ S_IRWXU | S_IRGRP | S_IROTH);
+
+ if (fd < 0) {
+ fprintf (stderr, _("scrollkeeper-get-cl: Cannot open temp file: %s\n"), filename);
+ exit (EXIT_FAILURE);
+ }
+ close(fd);
+
return filename;
}
--- libs/extract.c 2002/03/16 19:08:48 1.12
+++ libs/extract.c 2002/09/22 07:14:01 1.14
@@ -43,16 +43,16 @@
int i;
int returnval = 1;
FILE *fid;
+ struct stat buf;
#ifndef SOLARIS
char line[1024], *start, *end;
int num;
FILE *res_fid;
char *doctype;
char command[1024];
- pid_t pid;
char temp1[PATHLEN], temp2[PATHLEN], errors[PATHLEN];
+ int temp1_fd, temp2_fd, errors_fd;
#endif
- struct stat buf;
if (input_file == NULL ||
stylesheets == NULL ||
@@ -69,11 +69,23 @@
#ifdef SOLARIS
doc = docbParseFile(input_file, NULL);
#else
- pid = getpid();
-
- snprintf(temp1, PATHLEN, "/var/tmp/scrollkeeper-extract-1-%ld.xml", (long)pid);
- snprintf(temp2, PATHLEN, "/var/tmp/scrollkeeper-extract-2-%ld.xml", (long)pid);
- snprintf(errors, PATHLEN, "/var/tmp/scrollkeeper-extract-errors-%ld", (long)pid);
+ snprintf(temp1, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-1.xml.XXXXXX");
+ snprintf(temp2, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-2.xml.XXXXXX");
+ snprintf(errors, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-errors.XXXXXX");
+
+ temp1_fd = mkstemp(temp1);
+ printf ("%s\n", temp1);
+ if (temp1_fd == -1) {
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp1, strerror(errno));
+ return 0;
+ }
+
+ errors_fd = mkstemp(errors);
+ if (errors_fd == -1) {
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),errors, strerror(errno));
+ return 0;
+ }
+ close(errors_fd);
snprintf(command, 1024, "sgml2xml -xlower -f%s %s > %s", errors, input_file, temp1);
system(command);
@@ -83,6 +95,7 @@
fid = fopen(input_file, "r");
if (fid == NULL) {
sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot read file: %s : %s\n"),input_file, strerror(errno));
+ close(temp1_fd);
return 0;
}
@@ -106,14 +119,25 @@
}
if (doctype == NULL) {
+ close(temp1_fd);
unlink(temp1);
return 0;
}
-
- fid = fopen(temp1, "r");
- res_fid = fopen(temp2, "w");
+
+ temp2_fd = mkstemp(temp2);
+ if (temp2_fd == -1) {
+ close(temp1_fd);
+ unlink(temp1);
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp2, strerror(errno));
+ return 0;
+ }
+
+ fid = fdopen(temp1_fd, "r");
+ res_fid = fdopen(temp2_fd, "w");
if (fid == NULL || res_fid == NULL) {
+ close(temp1_fd);
unlink(temp1);
+ close(temp2_fd);
unlink(temp2);
return 0;
}
--- libs/Makefile.in.orig Wed Oct 9 12:36:43 2002
+++ libs/Makefile.in Wed Oct 9 12:37:05 2002
@@ -130,7 +130,8 @@
INCLUDES = \
$(XML_CFLAGS) \
$(XSLT_CFLAGS) \
- $(HOST_TYPE)
+ $(HOST_TYPE) \
+ -DSCROLLKEEPER_STATEDIR=\""$(localstatedir)"\"
libscrollkeeper_la_SOURCES = \
View git blame Copy permalink