rpms/cscope
7
0
Fork 0
Code Issues Pull Requests Releases Activity

adding temp file security fix

Browse Source
This commit is contained in:
Neil Horman 2004-11-30 21:52:48 +00:00
parent 492f30ecfc
commit cf86bbb54a
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
cscope-15.5-tempsec.patch Normal file
View File

@ -0,0 +1,47 @@
--- cscope-15.5/src/main.c.orig 2004-11-30 10:47:56.000000000 -0500
+++ cscope-15.5/src/main.c 2004-11-30 12:58:13.000000000 -0500
@@ -102,6 +102,7 @@
#endif
char temp1[PATHLEN + 1]; /* temporary file name */
char temp2[PATHLEN + 1]; /* temporary file name */
+char tempdirpv[PATHLEN +1]; /* private temp directory */
long totalterms; /* total inverted index terms */
BOOL trun_syms; /* truncate symbols to 8 characters */
char tempstring[8192]; /* use this as a buffer, instead of 'yytext',
@@ -138,6 +139,7 @@
pid_t pid;
struct stat stat_buf;
struct sigaction winch_action;
+ mode_t orig_umask;
yyin = stdin;
yyout = stdout;
@@ -344,9 +346,18 @@
}
/* create the temporary file names */
+ orig_umask = umask(S_IRWXG|S_IRWXO);
pid = getpid();
- (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid);
- (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid);
+ (void) sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid);
+ if(mkdir(tempdirpv,S_IRWXU))
+ {
+ fprintf(stderr, "cscope: Could not create private temp dir %s\n",tempdirpv);
+ myexit(1);
+ }
+ umask(orig_umask);
+
+ (void) sprintf(temp1, "%s/cscope.1", tempdirpv, pid);
+ (void) sprintf(temp2, "%s/cscope.2", tempdirpv, pid);
/* if running in the foreground */
if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
@@ -848,6 +859,7 @@
if (temp1[0] != '\0') {
(void) unlink(temp1);
(void) unlink(temp2);
+ (void) rmdir(tempdirpv);
}
/* restore the terminal to its original mode */
if (incurses == YES) {

7
cscope.spec
View File

@ -1,7 +1,7 @@
Summary: C source code tree search and browse tool Summary: C source code tree search and browse tool
Name: cscope Name: cscope
Version: 15.5 Version: 15.5
Release: 8 Release: 9
Source0: http://unc.dl.sourceforge.net/sourceforge/cscope/cscope-15.5.tar.gz Source0: http://unc.dl.sourceforge.net/sourceforge/cscope/cscope-15.5.tar.gz
URL: http://cscope.sourceforge.net URL: http://cscope.sourceforge.net
License: BSD License: BSD
@ -19,6 +19,7 @@ Patch2:cscope-15.5-ocs-dash_s_fix.patch
Patch3:cscope-15.5-xcscope-man.patch Patch3:cscope-15.5-xcscope-man.patch
Patch4:cscope-15.5-inverted.patch Patch4:cscope-15.5-inverted.patch
Patch5:cscope-15.5-resize.patch Patch5:cscope-15.5-resize.patch
Patch6:cscope-15.5-tempsec.patch
%description %description
cscope is a mature, ncurses based, C source code tree browsing tool. It cscope is a mature, ncurses based, C source code tree browsing tool. It
@ -35,6 +36,7 @@ matches for use in file editing.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
%build %build
%configure %configure
@ -83,6 +85,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el
rm -f %{emacs_lisp_path}/xcscope.el rm -f %{emacs_lisp_path}/xcscope.el
%changelog %changelog
* Tue Nov 30 2004 Neil Horman <nhorman@redhat.com>
- added tempsec patch to fix bz140764/140765
* Mon Nov 29 2004 Neil Horman <nhorman@redhat.com> * Mon Nov 29 2004 Neil Horman <nhorman@redhat.com>
- updated cscope resize patch to do less work in - updated cscope resize patch to do less work in
signal handler and synced version nr. on dist. signal handler and synced version nr. on dist.