From e94aa50c090293295119ae757a37e93499c7ef9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= Date: Thu, 10 Dec 2015 20:43:35 +0100 Subject: Fix security issue CVE-2015-7543 [taken from Debian arts patches] (cherry picked from commit 56eb4ba333989ae3999fa0cb6da01f8817e6121f) --- tdeinit/lnusertemp.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'tdeinit/lnusertemp.c') diff --git a/tdeinit/lnusertemp.c b/tdeinit/lnusertemp.c index 171107041..5d739f680 100644 --- a/tdeinit/lnusertemp.c +++ b/tdeinit/lnusertemp.c @@ -192,7 +192,8 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } if ((result == -1) || (!S_ISLNK(stat_buf.st_mode))) @@ -218,14 +219,16 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname) if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } result = check_tmp_dir(tmp_buf); if (result == 0) return 0; /* Success */ unlink(kde_tmp_dir); strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir)); - mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(user_tmp_dir) == NULL) + return 1; return create_link(kde_tmp_dir, user_tmp_dir); } -- cgit v1.2.1