Add a patch which fixes CVE-2007-4460, insecure temporary file

handling. Approved by: maintainer
svn path=/head/; revision=200581
2007-10-02 01:59:40 +00:00 · 2007-10-02 01:59:40 +00:00 · 7ab0401bee · 2021-03-31 03:12:20 +00:00
commit 7ab0401bee
parent cbec3d25f6
1 changed files with 49 additions and 0 deletions
--- a/audio/id3lib/files/patch-CVE-2007-4460
+++ b/audio/id3lib/files/patch-CVE-2007-4460
@ -0,0 +1,49 @@
+--- ./src/tag_file.cpp.orig	2003-03-02 08:23:00.000000000 +0800
+++ ./src/tag_file.cpp	2007-10-02 05:23:26.519473634 +0800
+@@ -242,8 +242,8 @@
+     strcpy(sTempFile, filename.c_str());
+     strcat(sTempFile, sTmpSuffix.c_str());
+ 
+-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+-    // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+    // This section is for Windows folk
+     fstream tmpOut;
+     createFile(sTempFile, tmpOut);
+ 
+@@ -257,7 +257,7 @@
+       tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
+ 
+     // else we gotta make a temp file, copy the tag into it, copy the
+     // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+     }
+ 
+-    ofstream tmpOut(fd);
+    ofstream tmpOut(sTempFile);
+     if (!tmpOut)
+     {
+       tmpOut.close();
+@@ -285,14 +285,14 @@
+     uchar tmpBuffer[BUFSIZ];
+     while (file)
+     {
+-      file.read(tmpBuffer, BUFSIZ);
+      file.read((char *)tmpBuffer, BUFSIZ);
+       size_t nBytes = file.gcount();
+-      tmpOut.write(tmpBuffer, nBytes);
+      tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+     close(fd); //closes the file
+ 
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
+ 
+     tmpOut.close();
+     file.close();