From 85d0c0e8377b4d089660f058f774c28d6c978cd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?=
Date: Thu, 10 Dec 2015 20:43:35 +0100
Subject: [PATCH] Fix security issue CVE-2015-7543 [taken from Debian arts patches]
(cherry picked from commit 56eb4ba333989ae3999fa0cb6da01f8817e6121f)
---
 kinit/lnusertemp.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/kinit/lnusertemp.c b/kinit/lnusertemp.c
index ea40e1e6c..e5ff530ff 100644
--- a/kinit/lnusertemp.c
+++ b/kinit/lnusertemp.c
@@ -192,7 +192,8 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname)
 if (result == 0) return 0; /* Success */
 unlink(kde_tmp_dir);
 strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
- mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(user_tmp_dir) == NULL)
+ return 1;
 return create_link(kde_tmp_dir, user_tmp_dir);
 }
 if ((result == -1) || (!S_ISLNK(stat_buf.st_mode)))
@@ -218,14 +219,16 @@ int build_link(const char *tmp_prefix, const char *kde_prefix, int kdehostname)
 if (result == 0) return 0; /* Success */
 unlink(kde_tmp_dir);
 strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
- mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(user_tmp_dir) == NULL)
+ return 1;
 return create_link(kde_tmp_dir, user_tmp_dir);
 }
 result = check_tmp_dir(tmp_buf);
 if (result == 0) return 0; /* Success */
 unlink(kde_tmp_dir);
 strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
- mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(user_tmp_dir) == NULL)
+ return 1;
 return create_link(kde_tmp_dir, user_tmp_dir);
 }
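Review bot: The new `mkdtemp()` failure branch returns 1 without reporting anything, at all three sites the patch touches (one in the first hunk, two in the second), so an unwritable or full temp location, or a template cut short by the preceding `strncat`, fails with no trace of the cause. Adding `perror(user_tmp_dir);` before each `return 1;` would keep the errno visible, assuming the file already includes `<stdio.h>`. If `create_link()` then fails, the directory `mkdtemp()` just created appears to be left behind; whether that needs an `rmdir(user_tmp_dir)` depends on `create_link`, which like the rest of `build_link` lies outside these hunks. The old comment is removed without a replacement, and one such as `/* mkdtemp creates the directory atomically with mode 0700; do not go back to mktemp + mkdir */` would record why the call was changed.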