Fix security issue CVE-2015-7543

[taken from Debian arts patches]
pull/1/head
Slávek Banko 9 years ago
parent a0e89884e9
commit bbb70b9ed2

@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str()); unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX"; user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str()); tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf); result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf); free(tmp_buf);
return result; return result;
@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str()); unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX"; user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str()); tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf); result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf); free(tmp_buf);
return result; return result;
@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str()); unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX"; user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str()); tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf); result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf); free(tmp_buf);
return result; return result;

Loading…
Cancel
Save