cups/cups-str3382.patch

diff -up cups-1.4.3/cups/tempfile.c.str3382 cups-1.4.3/cups/tempfile.c
--- cups-1.4.3/cups/tempfile.c.str3382	2010-01-18 19:47:12.000000000 +0100
+++ cups-1.4.3/cups/tempfile.c	2010-03-31 13:26:52.000000000 +0200
@@ -35,6 +35,7 @@
 #  include <io.h>
 #else
 #  include <unistd.h>
+#  include <sys/types.h>
 #endif /* WIN32 || __EMX__ */
 
 
@@ -56,7 +57,7 @@ cupsTempFd(char *filename,		/* I - Point
   char		tmppath[1024];		/* Windows temporary directory */
   DWORD		curtime;		/* Current time */
 #else
-  struct timeval curtime;		/* Current time */
+  mode_t	old_umask;		/* Old umask before using mkstemp() */
 #endif /* WIN32 */
 
 
@@ -107,33 +108,25 @@ cupsTempFd(char *filename,		/* I - Point
 
     snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir,
              GetCurrentProcessId(), curtime);
-#else
-   /*
-    * Get the current time of day...
-    */
-
-    gettimeofday(&curtime, NULL);
-
-   /*
-    * Format a string using the hex time values...
-    */
-
-    snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(),
-             (unsigned)(curtime.tv_sec + curtime.tv_usec + tries));
-#endif /* WIN32 */
 
    /*
     * Open the file in "exclusive" mode, making sure that we don't
     * stomp on an existing file or someone's symlink crack...
     */
 
-#ifdef WIN32
     fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,
               _S_IREAD | _S_IWRITE);
-#elif defined(O_NOFOLLOW)
-    fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
 #else
-    fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
+
+   /*
+    * Use the standard mkstemp() call to make a temporary filename
+    * securely.  -- andrew.wood@jdplc.com
+    */
+    snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);
+
+    old_umask = umask(0077);
+    fd = mkstemp(filename);
+    umask(old_umask);
 #endif /* WIN32 */
 
     if (fd < 0 && errno != EEXIST)
- 1.4.3. - No longer need CVE-2009-3553, str3381, str3390, str3391, str3403, str3407, str3413, str3418, str3422, str3425, str3428, str3431, str3435, str3436, str3439, str3440, str3442, str3448, str3458, str3460, cups-sidechannel-intrs, negative-snmp-string-length, cups-media-empty-warning patches. 2010-03-31 13:10:46 +00:00			`diff -up cups-1.4.3/cups/tempfile.c.str3382 cups-1.4.3/cups/tempfile.c`
			`--- cups-1.4.3/cups/tempfile.c.str3382 2010-01-18 19:47:12.000000000 +0100`
			`+++ cups-1.4.3/cups/tempfile.c 2010-03-31 13:26:52.000000000 +0200`
- Fix cups-lpd to create unique temporary data files (bug #529838). 2009-10-20 13:43:45 +00:00			`@@ -35,6 +35,7 @@`
			`# include <io.h>`
			`#else`
			`# include <unistd.h>`
			`+# include <sys/types.h>`
			`#endif /* WIN32 \|\| __EMX__ */`


			`@@ -56,7 +57,7 @@ cupsTempFd(char filename, / I - Point`
			`char tmppath[1024]; /* Windows temporary directory */`
			`DWORD curtime; /* Current time */`
			`#else`
			`- struct timeval curtime; /* Current time */`
			`+ mode_t old_umask; /* Old umask before using mkstemp() */`
			`#endif /* WIN32 */`


			`@@ -107,33 +108,25 @@ cupsTempFd(char filename, / I - Point`

			`snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir,`
			`GetCurrentProcessId(), curtime);`
			`-#else`
			`- /*`
			`- * Get the current time of day...`
			`- */`
			`-`
			`- gettimeofday(&curtime, NULL);`
			`-`
			`- /*`
			`- * Format a string using the hex time values...`
			`- */`
			`-`
- 1.4.3. - No longer need CVE-2009-3553, str3381, str3390, str3391, str3403, str3407, str3413, str3418, str3422, str3425, str3428, str3431, str3435, str3436, str3439, str3440, str3442, str3448, str3458, str3460, cups-sidechannel-intrs, negative-snmp-string-length, cups-media-empty-warning patches. 2010-03-31 13:10:46 +00:00			`- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(),`
			`- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries));`
- Fix cups-lpd to create unique temporary data files (bug #529838). 2009-10-20 13:43:45 +00:00			`-#endif /* WIN32 */`

			`/*`
			`* Open the file in "exclusive" mode, making sure that we don't`
			`* stomp on an existing file or someone's symlink crack...`
			`*/`

			`-#ifdef WIN32`
			`fd = open(filename, _O_CREAT \| _O_RDWR \| _O_TRUNC \| _O_BINARY,`
			`_S_IREAD \| _S_IWRITE);`
			`-#elif defined(O_NOFOLLOW)`
			`- fd = open(filename, O_RDWR \| O_CREAT \| O_EXCL \| O_NOFOLLOW, 0600);`
			`#else`
			`- fd = open(filename, O_RDWR \| O_CREAT \| O_EXCL, 0600);`
			`+`
			`+ /*`
			`+ * Use the standard mkstemp() call to make a temporary filename`
			`+ * securely. -- andrew.wood@jdplc.com`
			`+ */`
			`+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);`
			`+`
			`+ old_umask = umask(0077);`
			`+ fd = mkstemp(filename);`
			`+ umask(old_umask);`
			`#endif /* WIN32 */`

			`if (fd < 0 && errno != EEXIST)`