Fix security issue CVE-2015-7543

[taken from Debian arts patches]
pull/1/head
Slávek Banko 8年前
コミット bbb70b9ed2

@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;
@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;
@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
unlink(kde_tmp_dir.c_str());
user_tmp_dir += "XXXXXX";
tmp_buf = strdup(user_tmp_dir.c_str());
mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
if (mkdtemp(tmp_buf) == NULL)
return 1;
result = create_link(kde_tmp_dir.c_str(), tmp_buf);
free(tmp_buf);
return result;

読み込み中…
キャンセル
保存