04839ffa37
- Fix arbitrary code execution vulnerability in .bend files which contain a crafted RGBE file (CVE-2008-1102). - Create various temporary files in safer paths (CVE-2008-1103).
13 lines
506 B
Text
13 lines
506 B
Text
$NetBSD: patch-af,v 1.6 2008/05/17 10:33:15 tonnerre Exp $
|
|
|
|
--- source/blender/blenkernel/intern/blender.c.orig 2007-09-18 04:58:33.000000000 +0000
|
|
+++ source/blender/blenkernel/intern/blender.c
|
|
@@ -714,7 +714,7 @@ void BKE_undo_save_quit(void)
|
|
|
|
BLI_make_file_string("/", str, U.tempdir, "quit.blend");
|
|
|
|
- file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666);
|
|
+ file = open(str,O_BINARY|O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0666);
|
|
if(file == -1) {
|
|
printf("Unable to save %s\n", str);
|
|
return;
|