From c0989dce2d882c94eb3183e7b94402ba53534abb Mon Sep 17 00:00:00 2001
Message-Id: <c0989dce2d882c94eb3183e7b94402ba53534abb.1398703637.git.luto@amacapital.net>
In-Reply-To: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398703637.git.luto@amacapital.net>
References: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398703637.git.luto@amacapital.net>
From: David Adam <zanchey@ucc.gu.uwa.edu.au>
Date: Sun, 20 Apr 2014 23:51:20 +0800
Subject: [PATCH 4/4] use mktemp(1) to generate temporary file names
Fix for CVE-2014-2906.
Closes a race condition in funced which would allow execution of
arbitrary code; closes a race condition in psub which would allow
alteration of the data stream.
Note that `psub -f` does not work (#1040); a fix should be committed
separately for ease of maintenance.
---
share/functions/funced.fish | 6 +-----
share/functions/psub.fish | 11 +++--------
2 files changed, 4 insertions(+), 13 deletions(-)
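diff --git a/share/functions/funced.fish b/share/functions/funced.fish
index 3c2de06..ca2e277 100644
--- a/share/functions/funced.fish
+++ b/share/functions/funced.fish
@@ -81,11 +81,7 @@ function funced --description 'Edit function definition'
 return 0
 end
 
- set -q TMPDIR; or set -l TMPDIR /tmp
- set -l tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
- while test -f $tmpname
- set tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
- end
+ set tmpname (mktemp -t fish_funced.XXXXXXXXXX)
 
 if functions -q -- $funcname
 functions -- $funcname > $tmpname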
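Review bot: The new `set tmpname (mktemp -t fish_funced.XXXXXXXXXX)` never checks whether mktemp succeeded, so on failure `$tmpname` is empty when the `functions -- $funcname > $tmpname` redirect below it runs. The psub fifo branch in this same patch guards its mktemp call with `; or return`, and funced should do likewise. The replacement also drops the `-l` that the removed `set -l tmpname` line carried, so an existing global or universal `tmpname` would be modified instead of shadowed. `set -l tmpname (mktemp -t fish_funced.XXXXXXXXXX); or return 1` restores both properties. The funced body starts and ends outside this hunk, so whether the file is removed afterwards cannot be judged from here.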
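diff --git a/share/functions/psub.fish b/share/functions/psub.fish
index 42e34c7..7877aa4 100644
--- a/share/functions/psub.fish
+++ b/share/functions/psub.fish
@@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename
 return
 end
 
- # Find unique file name for writing output to
- while true
- set filename /tmp/.psub.(echo %self).(random);
- if not test -e $filename
- break;
- end
- end
-
 if test use_fifo = 1
 # Write output to pipe. This needs to be done in the background so
 # that the command substitution exits without needing to wait for
 # all the commands to exit
+ set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return
+ set filename $dir/psub.fifo
 mkfifo $filename
 cat >$filename &
 else
+ set filename (mktemp /tmp/.psub.XXXXXXXXXX)
 cat >$filename
 end
 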
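Review bot: The non-fifo branch's `set filename (mktemp /tmp/.psub.XXXXXXXXXX)` has no failure check, unlike the `mktemp -d ...; or return` in the fifo branch above it, so a failed mktemp leaves `cat >$filename` running with an empty `$filename`; append `; or return`. In the fifo branch the private directory from `mktemp -d` is what makes the fixed name `psub.fifo` safe, but the status of `mkfifo $filename` is unchecked and nothing in the hunk removes `$dir`. The cleanup code sits outside this hunk, so confirm it deletes the directory as well as the fifo. Both templates also hard-code `/tmp` while the funced change uses `mktemp -t`, so `TMPDIR` is honoured in one function and not the other.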
--
1.9.0