diff options
Diffstat (limited to 'cups-str3382.patch')
| -rw-r--r-- | cups-str3382.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/cups-str3382.patch b/cups-str3382.patch new file mode 100644 index 0000000..2e8736d --- /dev/null +++ b/cups-str3382.patch @@ -0,0 +1,64 @@ +diff -up cups-1.5b1/cups/tempfile.c.str3382 cups-1.5b1/cups/tempfile.c +--- cups-1.5b1/cups/tempfile.c.str3382 2010-03-24 01:45:34.000000000 +0100 ++++ cups-1.5b1/cups/tempfile.c 2011-05-24 16:04:47.000000000 +0200 +@@ -33,6 +33,7 @@ + # include <io.h> + #else + # include <unistd.h> ++# include <sys/types.h> + #endif /* WIN32 || __EMX__ */ + + +@@ -54,7 +55,7 @@ cupsTempFd(char *filename, /* I - Point + char tmppath[1024]; /* Windows temporary directory */ + DWORD curtime; /* Current time */ + #else +- struct timeval curtime; /* Current time */ ++ mode_t old_umask; /* Old umask before using mkstemp() */ + #endif /* WIN32 */ + + +@@ -105,33 +106,25 @@ cupsTempFd(char *filename, /* I - Point + + snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir, + GetCurrentProcessId(), curtime); +-#else +- /* +- * Get the current time of day... +- */ +- +- gettimeofday(&curtime, NULL); +- +- /* +- * Format a string using the hex time values... +- */ +- +- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), +- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); +-#endif /* WIN32 */ + + /* + * Open the file in "exclusive" mode, making sure that we don't + * stomp on an existing file or someone's symlink crack... + */ + +-#ifdef WIN32 + fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, + _S_IREAD | _S_IWRITE); +-#elif defined(O_NOFOLLOW) +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); + #else +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); ++ ++ /* ++ * Use the standard mkstemp() call to make a temporary filename ++ * securely. -- andrew.wood@jdplc.com ++ */ ++ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); ++ ++ old_umask = umask(0077); ++ fd = mkstemp(filename); ++ umask(old_umask); + #endif /* WIN32 */ + + if (fd < 0 && errno != EEXIST) |