authorSlávek Banko <slavek.banko@axis.cz>2015-12-10 20:42:13 +0100
committerSlávek Banko <slavek.banko@axis.cz>2015-12-10 20:42:13 +0100
commitbbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed (patch)
treedd4ae8b6f3c81f42a5f25f6f6de00df18133999b
parenta0e89884e90269119512102681b767c495490f53 (diff)
downloadarts-bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed.tar.gz
arts-bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed.zip
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
-rw-r--r--mcop/mcoputils.cc9
1 files changed, 6 insertions, 3 deletions
diff --git a/mcop/mcoputils.cc b/mcop/mcoputils.cc
index 790927f..52eb78f 100644
--- a/mcop/mcoputils.cc
+++ b/mcop/mcoputils.cc
@@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;
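Review bot: The new `return 1;` after a failed `mkdtemp()` leaves `build_link` before `free(tmp_buf)` runs, so the `strdup()` copy leaks on that path; the identical lines in the two later hunks (old lines 347 and 358) have the same problem. The guard could free first, e.g. `if (mkdtemp(tmp_buf) == NULL) { free(tmp_buf); return 1; }`. `tmp_buf` is also handed to `mkdtemp()` without a NULL check on the `strdup()` result, which predates this commit but now sits on the security-relevant path. Since the removed comment was the only explanation at this site, a short replacement such as `/* mkdtemp() creates the directory itself (mode 0700), so the name cannot be claimed by another user before create_link() runs */` would record why `mktemp()` must not come back. The body of `build_link` starts and ends outside the hunk, so whether a failed `create_link()` leaves the freshly created directory behind cannot be judged from here.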
@@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;
@@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;