0ce2cf9d2d
"Vulnerabilities in Berkeley MPEG Tools can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerabilities are caused due to temporary files being created insecurely in "/tmp." http://secunia.com/advisories/17008/ http://www.gentoo.org/security/en/glsa/glsa-200510-02.xml Patches from Gentoo.
44 lines
1.1 KiB
Text
44 lines
1.1 KiB
Text
$NetBSD: patch-ak,v 1.1 2005/10/05 11:45:46 salo Exp $
|
|
|
|
Fix for SA17008, from Gentoo.
|
|
|
|
--- ../convert/vidtojpeg.c.orig 1995-01-20 04:25:40.000000000 +0100
|
|
+++ ../convert/vidtojpeg.c 2005-10-05 13:16:27.000000000 +0200
|
|
@@ -123,9 +123,9 @@
|
|
XImage *ximage;
|
|
char *tdata;
|
|
char *obase;
|
|
- char ofname[256];
|
|
+ char ofname[4096], tempfile[4096];
|
|
int height, width;
|
|
- char command[256];
|
|
+ char command[4096];
|
|
|
|
|
|
if ((argc != 7) && (argc != 8))usage (argv[0]);
|
|
@@ -221,9 +221,11 @@
|
|
|
|
|
|
sprintf(ofname, "%s.%d.jpeg", obase, i);
|
|
- outFile = fopen("/tmp/foobar", "w");
|
|
+ sprintf(tempfile, "%s.%d.jpeg.tmp", obase, i);
|
|
+ outFile = fopen(tempfile, "w");
|
|
if (!outFile) {
|
|
perror("Couldn't open output file.");
|
|
+ exit(1);
|
|
}
|
|
|
|
for (r=0; r<height; r++) {
|
|
@@ -239,9 +241,10 @@
|
|
|
|
free(tdata);
|
|
|
|
- sprintf(command, "rawtoppm %d %d < /tmp/foobar | cjpeg > %s",
|
|
- width, height, ofname);
|
|
+ sprintf(command, "rawtoppm %d %d < %s | cjpeg > %s",
|
|
+ width, height, tempfile, ofname);
|
|
system(command);
|
|
+ unlink(tempfile);
|
|
}
|
|
}
|
|
|