diff options
author | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:43:35 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:44:10 +0100 |
commit | e94aa50c090293295119ae757a37e93499c7ef9a (patch) | |
tree | 985aed9c9971703f2f4c68642751908e6b384fa5 /tdeinit | |
parent | 094540b6609b51b8c35bde18ea80db32e4b99e98 (diff) | |
download | tdelibs-e94aa50c090293295119ae757a37e93499c7ef9a.tar.gz tdelibs-e94aa50c090293295119ae757a37e93499c7ef9a.zip |
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
(cherry picked from commit 56eb4ba333989ae3999fa0cb6da01f8817e6121f)
Diffstat (limited to 'tdeinit')
-rw-r--r-- | tdeinit/lnusertemp.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/tdeinit/lnusertemp.c b/tdeinit/lnusertemp.c index 171107041..5d739f680 100644 --- a/tdeinit/lnusertemp.c +++ b/tdeinit/lnusertemp.c @@ -192,7 +192,8 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } if ((result == -1) || (!S_ISLNK(stat_buf.st_mode))) @@ -218,14 +219,16 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } result = check_tmp_dir(tmp_buf); if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } |