Security fix for insecure temporary file use

(a CVE identifier has been requested but not assigned as of yet) ok aja@ (MAINTAINER)
2014-02-03 19:06:42 +00:00 · 2014-02-03 19:06:42 +00:00 · 2a66fa7584
commit 2a66fa7584
parent bfeae11b20
3 changed files with 77 additions and 2 deletions
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.56 2013/11/09 23:19:03 naddy Exp $
+# $OpenBSD: Makefile,v 1.57 2014/02/03 19:06:42 jasper Exp $

 COMMENT=	format files for printing on PostScript printers

 DISTNAME=	a2ps-4.14
-REVISION=	8
+REVISION=	9

 SHARED_LIBS +=  a2ps                 2.0      # 2.0

--- a/print/a2ps/patches/patch-lib_routines_c
+++ b/print/a2ps/patches/patch-lib_routines_c
@ -0,0 +1,58 @@
+$OpenBSD: patch-lib_routines_c,v 1.1 2014/02/03 19:06:42 jasper Exp $
+
+Security fix for CVE-2014-????
+https://bugzilla.redhat.com/show_bug.cgi?id=1060630
+
+--- lib/routines.c.orig	Sat Dec 29 02:58:23 2007
+++ lib/routines.c	Mon Feb  3 18:27:12 2014
+@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, const char * filen
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
--- a/print/a2ps/patches/patch-lib_routines_h
+++ b/print/a2ps/patches/patch-lib_routines_h
@ -0,0 +1,17 @@
+$OpenBSD: patch-lib_routines_h,v 1.1 2014/02/03 19:06:42 jasper Exp $
+
+Security fix for CVE-2014-????
+https://bugzilla.redhat.com/show_bug.cgi?id=1060630
+
+--- lib/routines.h.orig	Sat Dec 29 02:37:59 2007
+++ lib/routines.h	Mon Feb  3 18:27:12 2014
+@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * command));
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)				\
+ do {							\
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
+ } while (0)
+char * safe_tempnam(const char *);
+ 
+ #endif