doczkal / rpms / abrt

Forked from rpms/abrt 4 years ago

Blame SOURCES/0181-ccpp-save-abrt-core-files-only-to-new-files.patch

a60cd7
From f982995841607f06faaa055740310e0520c07c67 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 30 Sep 2015 12:24:32 +0200
Subject: [PATCH] ccpp: save abrt core files only to new files

Prior to this commit abrt-hook-ccpp saved a core file generated by a
process running a program whose name starts with "abrt" in
DUMP_LOCATION/$(basename program)-coredump. If the file was a symlink,
the hook followed and wrote core file to the symlink's target.

This commit addresses CVE-2015-5287
Related: #1262252

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 7a19cc2..9648b16 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -857,7 +857,8 @@ int main(int argc, char** argv)
         if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
             error_msg_and_die("Error saving '%s': truncated long file path", path);
 
-        int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+        unlink(path);
+        int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
         off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
         if (core_size < 0 || fsync(abrt_core_fd) != 0)
         {
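Review bot: the return value of the added `unlink(path);` is ignored, so a failure other than ENOENT (for example, the path being a directory or the unlink being denied) is only reported indirectly when the following `xopen3(path, O_WRONLY | O_CREAT | O_EXCL, 0600)` fails because the path still exists, with nothing in the message pointing at the real cause. Consider checking it, e.g. `if (unlink(path) != 0 && errno != ENOENT)` followed by an `error_msg_and_die(...)` naming the path. It would also help to add a short comment above these two lines stating that `O_EXCL` is what closes the symlink case: with `O_CREAT | O_EXCL` the open fails if anything, including a symlink, is re-created at `path` between the two calls, so the `unlink()` is only there to clear a stale file and must not be relied on as the protection by itself.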
-- 
1.8.3.1