From 5dac6a8388f232f43f12350924b53171c80601ab Mon Sep 17 00:00:00 2001 From: robert Date: Thu, 26 May 2005 03:34:21 +0000 Subject: [PATCH] SECURITY: fix an insecure temporary file creation in fixproc; bump PKGNAME http://www.vuxml.org/openbsd/75ecb34c-cc7d-11d9-8e94-00065bd5b0b6.html ok naddy@ --- net/net-snmp/Makefile | 4 +- net/net-snmp/patches/patch-local_fixproc | 72 ++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 net/net-snmp/patches/patch-local_fixproc diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile index 9b3b00b8992..88573d0259a 100644 --- a/net/net-snmp/Makefile +++ b/net/net-snmp/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.8 2005/04/09 23:31:28 espie Exp $ +# $OpenBSD: Makefile,v 1.9 2005/05/26 03:34:21 robert Exp $ SHARED_ONLY= Yes @@ -6,7 +6,7 @@ COMMENT= "extendable SNMP implementation" COMMENT-perl= "SNMP modules for Perl" DISTNAME= net-snmp-5.1.2 -PKGNAME= ${DISTNAME}p0 +PKGNAME= ${DISTNAME}p1 FULLPKGNAME-perl= p5-SNMP-5.1.2p0 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=net-snmp/} diff --git a/net/net-snmp/patches/patch-local_fixproc b/net/net-snmp/patches/patch-local_fixproc new file mode 100644 index 00000000000..55927f3b635 --- /dev/null +++ b/net/net-snmp/patches/patch-local_fixproc @@ -0,0 +1,72 @@ +$OpenBSD: patch-local_fixproc,v 1.1 2005/05/26 03:34:21 robert Exp $ +--- local/fixproc.orig Wed May 25 19:21:01 2005 ++++ local/fixproc Wed May 25 19:24:51 2005 +@@ -129,6 +129,8 @@ + # + # Timothy Kong 3/1995 + ++use File::Temp qw(tempfile); ++ + $database_file = '/local/etc/fixproc.conf'; + + $debug = 0; # specify debug level using -dN +@@ -191,20 +193,19 @@ + sub create_sh_script + { + local ($file) = pop (@_); ++ local ($fh) = pop (@_); + local ($i) = pop (@_); + + printf (stderr "create_sh_script\n") if ($debug > 0); + + $! = $fixproc_error; +- open (file, ">"."$file") || die "$0: cannot open $file\n"; + while ( $shell_lines[$i] ne $shell_end_marker ) + { +- printf (file "%s", $shell_lines[$i]); ++ printf ($fh "%s", $shell_lines[$i]); + $i++; + } +- close (file); +- system "chmod +x $file"; +- return file; ++ close ($fh); ++ chmod 0755, $file; + } + + +@@ -230,14 +231,13 @@ + else + { + # it must be "shell", so execute the shell script defined in database ++ local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp"); + +- local ($tmpfile) = "/tmp/fix_$$"; ++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile); + +- &create_sh_script ($fix{$proc}, $tmpfile); +- + # return code is number divided by 256 + $error_code = (system "$tmpfile") / 256; +- system "rm $tmpfile"; ++ unlink($tmpfile); + return ($fix_failed_error) if ($error_code != 0); + # sleep needed here? + return &do_exist ($proc); +@@ -262,13 +262,13 @@ + # if not "exist", then it must be "shell", so execute the shell script + # defined in database + +- local ($tmpfile) = "/tmp/check_$$"; ++ local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp"); + +- &create_sh_script ($check{$proc}, $tmpfile); ++ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile); + + # return code is number divided by 256 + $error_code = (system "$tmpfile") / 256; +- system "rm $tmpfile"; ++ unlink($tmpfile); + return ($check_failed_error) if ($error_code != 0); + + # check passed, continue