diff options
| author | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:42:13 +0100 |
|---|---|---|
| committer | Slávek Banko <slavek.banko@axis.cz> | 2015-12-10 20:42:38 +0100 |
| commit | 49e5417d8b83e299d778d8a44285763b5fb92391 (patch) | |
| tree | e1fe4d4bb14f7ed754a04a8fe046cb0edb892929 | |
| parent | 0bb256e1994615a32b90dfa79fb1d9a3983d04c7 (diff) | |
| download | arts-49e5417d8b83e299d778d8a44285763b5fb92391.tar.gz arts-49e5417d8b83e299d778d8a44285763b5fb92391.zip | |
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
(cherry picked from commit bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed)
| -rw-r--r-- | mcop/mcoputils.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/mcop/mcoputils.cc b/mcop/mcoputils.cc index 790927f..52eb78f 100644 --- a/mcop/mcoputils.cc +++ b/mcop/mcoputils.cc @@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; @@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; @@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix) unlink(kde_tmp_dir.c_str()); user_tmp_dir += "XXXXXX"; tmp_buf = strdup(user_tmp_dir.c_str()); - mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */ + if (mkdtemp(tmp_buf) == NULL) + return 1; result = create_link(kde_tmp_dir.c_str(), tmp_buf); free(tmp_buf); return result; |