diff options
author | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:43:35 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-12-13 00:57:58 +0100 |
commit | 85d0c0e8377b4d089660f058f774c28d6c978cd4 (patch) | |
tree | 2f91d493b876e939150d2c4509a6c5bd8a4a4dfb /kinit | |
parent | 0b38e09529fe7f28cfa968e36380ee0aa2318922 (diff) | |
download | tdelibs-85d0c0e8377b4d089660f058f774c28d6c978cd4.tar.gz tdelibs-85d0c0e8377b4d089660f058f774c28d6c978cd4.zip |
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
(cherry picked from commit 56eb4ba333989ae3999fa0cb6da01f8817e6121f)
Diffstat (limited to 'kinit')
-rw-r--r-- | kinit/lnusertemp.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/kinit/lnusertemp.c b/kinit/lnusertemp.c index ea40e1e6c..e5ff530ff 100644 --- a/kinit/lnusertemp.c +++ b/kinit/lnusertemp.c @@ -192,7 +192,8 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } if ((result == -1) || (!S_ISLNK(stat_buf.st_mode))) @@ -218,14 +219,16 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } result = check_tmp_dir(tmp_buf); if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } |