cups/cups-str3382.patch

63 lines
1.8 KiB
Diff
Raw Normal View History

diff -up cups-2.2.7/cups/tempfile.c.str3382 cups-2.2.7/cups/tempfile.c
--- cups-2.2.7/cups/tempfile.c.str3382 2018-03-23 04:48:36.000000000 +0100
+++ cups-2.2.7/cups/tempfile.c 2018-04-03 14:21:54.567221492 +0200
@@ -25,6 +25,7 @@
# include <io.h>
#else
# include <unistd.h>
+# include <sys/types.h>
#endif /* WIN32 || __EMX__ */
2014-09-12 16:19:24 +00:00
@@ -48,7 +49,7 @@ cupsTempFd(char *filename, /* I - Point
#ifdef WIN32
DWORD curtime; /* Current time */
#else
- struct timeval curtime; /* Current time */
+ mode_t old_umask; /* Old umask before using mkstemp() */
#endif /* WIN32 */
@@ -114,32 +115,24 @@ cupsTempFd(char *filename, /* I - Point
2014-09-12 16:19:24 +00:00
*/
2014-09-12 16:19:24 +00:00
snprintf(filename, (size_t)len - 1, "%s/%05lx%08lx", tmpdir, GetCurrentProcessId(), curtime);
-#else
- /*
- * Get the current time of day...
- */
-
- gettimeofday(&curtime, NULL);
-
- /*
- * Format a string using the hex time values...
- */
-
2014-09-12 16:19:24 +00:00
- snprintf(filename, (size_t)len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), (unsigned)(curtime.tv_sec + curtime.tv_usec + tries));
-#endif /* WIN32 */
/*
* Open the file in "exclusive" mode, making sure that we don't
* stomp on an existing file or someone's symlink crack...
*/
-#ifdef WIN32
fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,
_S_IREAD | _S_IWRITE);
-#elif defined(O_NOFOLLOW)
- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
#else
- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
+ /*
+ * Use the standard mkstemp() call to make a temporary filename
+ * securely. -- andrew.wood@jdplc.com
+ */
+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);
+
+ old_umask = umask(0077);
+ fd = mkstemp(filename);
+ umask(old_umask);
#endif /* WIN32 */
if (fd < 0 && errno != EEXIST)