[Pkg-phototools-devel] Bug#612035: Bug#612035: vulnerability: rewrite arbitrary user file
Julien Cristau
jcristau at debian.org
Fri Jul 8 18:06:17 UTC 2011
On Fri, Jul 8, 2011 at 16:08:17 +0200, Andreas Tille wrote:
> @@ -275,7 +278,21 @@
> path = "";
> }
> else
> - path = "/tmp/";
> + snprintf(cppid, sizeof(cppid), "%06ld", (long) getpid());
> +
> + while ((path == NULL) && (i < 9999)) {
> + snprintf(num, sizeof(num), "%06ld", i++);
> +
> + path = estrjoin("", "/tmp/feh", "_", cppid, "_", num, "/", NULL);
> + if (mkdir(path, 0700) == -1) {
> + free(path);
> + path = NULL;
> + } else
> + opt.tmp_path = path;
> + }
> + if (path == NULL)
> + weprintf("Failed to create temporary directory:");
> +
>
> basename = strrchr(url, '/') + 1;
> tmpname = feh_unique_filename(path, basename);
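Review bot: In the failure check at the end of the added block, `if (path == NULL) weprintf(...)` only warns, and execution then continues into `feh_unique_filename(path, basename)` with `path` still NULL; return or bail out there instead of falling through. The retry loop also treats every `mkdir` failure alike, so an error other than EEXIST is retried until `i` reaches 9999; check `errno` and retry only on EEXIST. The `else` has no braces, so only the first `snprintf` is governed by it, and the loop is skipped in the other branch only because `path` is `""` there; bracing the block would make that explicit. A single `mkdtemp(3)` call on a template ending in `XXXXXX` creates a mode-0700 directory with an unpredictable name, and would replace both the pid-plus-counter naming and the loop.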
ick. mkdtemp(3), please.
Cheers,
Julien