diff options
author | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:42:13 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:42:13 +0100 |
commit | bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed (patch) | |
tree | dd4ae8b6f3c81f42a5f25f6f6de00df18133999b | |
parent | a0e89884e90269119512102681b767c495490f53 (diff) | |
download | arts-bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed.tar.gz arts-bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed.zip |
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
-rw-r--r-- | mcop/mcoputils.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/mcop/mcoputils.cc b/mcop/mcoputils.cc index 790927f..52eb78f 100644 --- a/mcop/mcoputils.cc +++ b/mcop/mcoputils.cc @@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; @@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; @@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; |