Date: Sun, 29 Apr 2001 02:36:07 -0700 From: Kris Kennaway <kris@obsecurity.org> To: audit@FreeBSD.org Subject: rdist tempfile fixes Message-ID: <20010429023607.A77379@xor.obsecurity.org>
--gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable This one's been moved from the src tree to the 44bsd-rdist port, but the patch can still be applied (apply it by hand for now after checking out the port; I have a rerolled version of the distfile with the patch checked into RCS) Kris
Index: main.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.bin/rdist/Attic/main.c,v
retrieving revision 1.5
diff -u -r1.5 main.c
--- main.c 1999/08/28 01:05:07 1.5
+++ main.c 2001/04/29 09:16:03
@@ -52,7 +52,7 @@
=20
 char *distfile =3D NULL;
 #define _RDIST_TMP "/rdistXXXXXX"
-char tempfile[sizeof _PATH_TMP + sizeof _RDIST_TMP + 1];
+char tempfile[PATH_MAX];
 char *tempname;
=20
 int debug; /* debugging flag */
@@ -83,20 +84,21 @@
 char *argv[];
 {
 register char *arg;
- int cmdargs =3D 0;
- char *dhosts[NHOSTS], **hp =3D dhosts;
+ int cmdargs =3D 0, fd;
+ char *dhosts[NHOSTS], **hp =3D dhosts, *tmpdir;
=20
 pw =3D getpwuid(userid =3D getuid());
 if (pw =3D=3D NULL) {
 fprintf(stderr, "%s: Who are you?\n", argv[0]);
 exit(1);
 }
- strcpy(user, pw->pw_name);
- strcpy(homedir, pw->pw_dir);
+ strlcpy(user, pw->pw_name, sizeof(user));
+ strlcpy(homedir, pw->pw_dir, sizeof(homedir));
 groupid =3D pw->pw_gid;
 gethostname(host, sizeof(host));
- strcpy(tempfile, _PATH_TMP);
- strcat(tempfile, _RDIST_TMP);
+ if ((tmpdir =3D getenv("TMPDIR")) =3D=3D NULL)
+ tmpdir =3D _PATH_TMP;
+ snprintf(tempfile, sizeof(tempfile), "%s%s", tmpdir, _RDIST_TMP);
 if ((tempname =3D rindex(tempfile, '/')) !=3D 0)
 tempname++;
 else
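Review bot: In the main() hunk (`@@ -83,20 +84,21 @@`) the new `getenv("TMPDIR")` value is used unvalidated as the template prefix, and the `snprintf` return value is not checked. A set-but-empty TMPDIR yields the template `/rdistXXXXXX` in the filesystem root, and an over-long value is silently truncated, so the `XXXXXX` suffix can be cut off and the problem only surfaces later as a generic mkstemp error. I would fall back to `_PATH_TMP` when the value is empty, `if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')`, and exit with an error when the `snprintf` result is not below `sizeof(tempfile)`. If rdist is installed set-user-ID (the `seteuid(userid)` context line in the next hunk suggests it may be), consider ignoring TMPDIR when `issetugid()` is true. main() starts and ends outside the hunk.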
@@ -198,8 +200,16 @@
 *hp =3D NULL;
=20
 seteuid(userid);
- mktemp(tempfile);
-
+ if ((fd =3D mkstemp(tempfile)) =3D=3D -1) {
+ fprintf(stderr, "rdist: mkstemp failed\n");
+ exit(1);
+ }
+ if (close(fd) =3D=3D -1) {
+ unlink(tempfile);
+ fprintf(stderr, "rdist: mkstemp failed\n");
+ exit(1);
+ }
+ =09
 if (iamremote) {
 server();
 exit(nerrs !=3D 0);
--gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE66+CHWry0BWjoQKURAp23AKDWoJjRNxJ3NOLmAthlGrYs6aFjIACfdf+E n8m0ysnd+2up0+9hcmZkjhc= =4f4j -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
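Review bot: The descriptor returned by `mkstemp(tempfile)` is closed immediately, so any later use of the file has to reopen it by name; main() continues outside the hunk, so those uses are not visible here. A by-name reopen is only as safe as the directory, and with TMPDIR now taken from the environment, a directory without the sticky bit would let another local user replace the file between the close and the reopen. Keeping `fd` and wrapping it with `fdopen()` at the point where the file is written would avoid the reopen. Separately, the `close()` failure branch prints `rdist: mkstemp failed` and neither message reports errno; `err(1, "mkstemp %s", tempfile)` and `err(1, "close %s", tempfile)` would be more useful. The `seteuid(userid)` context line just above is unchecked, so if it fails the file is created under the previous effective uid.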