fold in patch from Jim Paris for use of mkstemps to improve security
diff --git a/debian/patches/as31-mkstemps.patch b/debian/patches/as31-mkstemps.patch
new file mode 100644 (file)
index 0000000..688cb59
--- /dev/null
@@ -0,0 +1,34 @@
+--- as31-2.3.1/as31/run.c      2005-09-05 12:32:42.000000000 -0400
++++ as31-2.3.1-fixed/as31/run.c        2012-01-11 12:30:19.000000000 -0500
+@@ -39,8 +39,8 @@
+       char *incLineBuffer=NULL;
+       int incSizeBuf=0;
+       FILE* includeFile=NULL;
++      int fd;
+-      uid_t uid; 
+       /* first, figure out all the file names */
+       dashl = lst;
+@@ -95,11 +95,18 @@
+               }
+       }
+       
+-      uid = geteuid();
+-      sprintf(tmpName,"/tmp/as31-%i-%ld.asm",uid,random());
+-      fin = fopen(tmpName, "w");
++      sprintf(tmpName,"/tmp/as31-XXXXXX.asm");
++      fd = mkstemps(tmpName, 4);
++      if (fd == -1) {
++              mesg_f("Cannot create temp file\n");
++              if (outfile) free(outfile);
++              if (lstfile) free(lstfile);
++              return -1;
++      }
++      fin = fdopen(fd, "w");
+       if (fin == NULL) {
+               mesg_f("Cannot open temp file: %s\n",tmpName);
++              close(fd);
+               if (outfile) free(outfile);
+               if (lstfile) free(lstfile);
+               return -1;
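Review bot: The `fdopen` failure branch closes `fd` but leaves the file that `mkstemps` has just created in /tmp; add `unlink(tmpName);` next to `close(fd);` so this error path does not leave an orphaned temp file behind. The `mkstemps` failure message also drops the cause; printing `strerror(errno)` would tell the user whether /tmp is missing, full or unwritable. `mkstemps` is a BSD/glibc extension rather than POSIX, and `close` needs `<unistd.h>`; the hunk adds no includes, so confirm both are declared in run.c, since an implicit declaration would only show up as a warning on older compilers. The function starts and ends outside the hunk, so whether the later exit paths remove the temp file cannot be checked from here.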