Do not use already existing temporary files

Petr Písař 2013-11-27 12:23:39 +01:00
parent 2dacff0c7d
commit 693e0bc812
2 changed files with 51 additions and 0 deletions


@ -0,0 +1,45 @@
From 5391d7a3c315afbdfb56d68b729cd20c0c6a893d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 27 Nov 2013 10:58:07 +0100
Subject: [PATCH 2/2] Do not use already existing temporary files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mirror() method tries to create a new temporary file as can be
concluded by using random name.
To prevent from from attacks, one has to make sure the file does not
exist. This patch creates temporary files with O_CREAT|O_EXCL mode.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/HTTP/Tiny.pm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
index 48763ff..04c4858 100644
--- a/lib/HTTP/Tiny.pm
+++ b/lib/HTTP/Tiny.pm
@@ -6,6 +6,7 @@ use warnings;
our $VERSION = '0.038'; # VERSION
use Carp ();
+use Fcntl ();
my @attributes;
@@ -113,8 +114,8 @@ sub mirror {
$args->{headers}{'if-modified-since'} ||= $self->_http_date($mtime);
}
my $tempfile = $file . int(rand(2**31));
- open my $fh, ">", $tempfile
- or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
+ sysopen my $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY
+ or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
binmode $fh;
$args->{data_callback} = sub {
print {$fh} $_[0]
--
1.8.3.1
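
Review bot: In the mirror() hunk a name collision is now fatal, because `$tempfile` is still built as `$file . int(rand(2**31))` and a failed sysopen goes straight to `Carp::croak`. O_CREAT|O_EXCL does stop the code from writing into a file or symlink that already sits at that path, which is the point of the change, but a leftover temporary file from an interrupted download with the same suffix now makes mirror() die instead of picking another name. Consider retrying with a fresh suffix a bounded number of times when `$!` is EEXIST, or creating the file with File::Temp in the destination directory. The sysopen call also omits the permissions argument, so the file is created with the default 0666 masked by the umask; stating the mode explicitly would make that intent visible.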


@ -9,6 +9,9 @@ Source0: http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version
# Check for write failure, bug #1031096, # Check for write failure, bug #1031096,
# <https://github.com/chansen/p5-http-tiny/issues/32> # <https://github.com/chansen/p5-http-tiny/issues/32>
Patch0: HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch Patch0: HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch
# Do not use already existing temporary files, bug #1031096,
# <https://github.com/chansen/p5-http-tiny/issues/32>
Patch1: HTTP-Tiny-0.038-Do-not-use-already-existing-temporary-files.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: perl BuildRequires: perl
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.17 BuildRequires: perl(ExtUtils::MakeMaker) >= 6.17
@ -18,6 +21,7 @@ BuildRequires: perl(warnings)
BuildRequires: perl(bytes) BuildRequires: perl(bytes)
BuildRequires: perl(Carp) BuildRequires: perl(Carp)
BuildRequires: perl(Errno) BuildRequires: perl(Errno)
BuildRequires: perl(Fcntl)
BuildRequires: perl(IO::Socket) BuildRequires: perl(IO::Socket)
# IO::Socket::SSL 1.56 is optional # IO::Socket::SSL 1.56 is optional
BuildRequires: perl(MIME::Base64) BuildRequires: perl(MIME::Base64)
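
Review bot: perl(Fcntl) is added here only as a BuildRequires, while the patch makes lib/HTTP/Tiny.pm load Fcntl at run time through `use Fcntl ();`. Please confirm that the built package also carries a run-time dependency on perl(Fcntl), either from the automatic Perl dependency generator or from an explicit Requires line.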
@ -55,6 +59,7 @@ resumes after EINTR.
%prep %prep
%setup -q -n HTTP-Tiny-%{version} %setup -q -n HTTP-Tiny-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
perl Makefile.PL INSTALLDIRS=vendor perl Makefile.PL INSTALLDIRS=vendor
@ -76,6 +81,7 @@ make test
%changelog %changelog
* Wed Nov 27 2013 Petr Pisar <ppisar@redhat.com> - 0.038-2 * Wed Nov 27 2013 Petr Pisar <ppisar@redhat.com> - 0.038-2
- Croak on failed write into a file (bug #1031096) - Croak on failed write into a file (bug #1031096)
- Do not use already existing temporary files (bug #1031096)
* Tue Nov 19 2013 Petr Pisar <ppisar@redhat.com> - 0.038-1 * Tue Nov 19 2013 Petr Pisar <ppisar@redhat.com> - 0.038-1
- 0.038 bump - 0.038 bump
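
Review bot: The new changelog line is appended to the existing 0.038-2 entry and no Release bump is visible in this diff. If 0.038-2 has already been built with only the write-failure patch, this change needs its own release (0.038-3) and changelog entry so the two builds can be told apart.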