|
Kevin Kofler |
e28f8c1 |
diff -ur kdelibs-3.5.10/kinit/lnusertemp.c kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c
|
|
Kevin Kofler |
e28f8c1 |
--- kdelibs-3.5.10/kinit/lnusertemp.c 2007-05-14 09:52:34.000000000 +0200
|
|
Kevin Kofler |
e28f8c1 |
+++ kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c 2015-12-10 10:04:02.934321515 +0100
|
|
Kevin Kofler |
e28f8c1 |
@@ -178,7 +178,11 @@
|
|
Kevin Kofler |
e28f8c1 |
if (result == 0) return 0; /* Success */
|
|
Kevin Kofler |
e28f8c1 |
unlink(kde_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
|
Kevin Kofler |
e28f8c1 |
+#if 0
|
|
Kevin Kofler |
e28f8c1 |
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
|
Kevin Kofler |
e28f8c1 |
+#else
|
|
Kevin Kofler |
e28f8c1 |
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
|
Kevin Kofler |
e28f8c1 |
+#endif
|
|
Kevin Kofler |
e28f8c1 |
return create_link(kde_tmp_dir, user_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
}
|
|
Kevin Kofler |
e28f8c1 |
if ((result == -1) || (!S_ISLNK(stat_buf.st_mode)))
|
|
Kevin Kofler |
e28f8c1 |
@@ -204,14 +208,22 @@
|
|
Kevin Kofler |
e28f8c1 |
if (result == 0) return 0; /* Success */
|
|
Kevin Kofler |
e28f8c1 |
unlink(kde_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
|
Kevin Kofler |
e28f8c1 |
+#if 0
|
|
Kevin Kofler |
e28f8c1 |
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
|
Kevin Kofler |
e28f8c1 |
+#else
|
|
Kevin Kofler |
e28f8c1 |
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
|
Kevin Kofler |
e28f8c1 |
+#endif
|
|
Kevin Kofler |
e28f8c1 |
return create_link(kde_tmp_dir, user_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
}
|
|
Kevin Kofler |
e28f8c1 |
result = check_tmp_dir(tmp_buf);
|
|
Kevin Kofler |
e28f8c1 |
if (result == 0) return 0; /* Success */
|
|
Kevin Kofler |
e28f8c1 |
unlink(kde_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
|
Kevin Kofler |
e28f8c1 |
+#if 0
|
|
Kevin Kofler |
e28f8c1 |
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
|
Kevin Kofler |
e28f8c1 |
+#else
|
|
Kevin Kofler |
e28f8c1 |
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
|
Kevin Kofler |
e28f8c1 |
+#endif
|
|
Kevin Kofler |
e28f8c1 |
return create_link(kde_tmp_dir, user_tmp_dir);
|
|
Kevin Kofler |
e28f8c1 |
}
|
|
Kevin Kofler |
e28f8c1 |
|