Make temporary directory safely when ~/.w3m is unwritablev0.5.3+git20170102+deb9u1 master-stretch

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 [CVE-2018-6198]
author: Tatsuya Kinoshita <tats@debian.org> 2018-01-25 16:03:53 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2018-01-26 09:40:18 +0000
commit: 10358a9ba68bba355bf7ba08c11715b7c26ecfc6 (patch)
tree: de41f813f112776a36938567fc9890054ac82ece
parent: Prevent invalid columnPos() call in formUpdateBuffer() (diff)
download: w3m-master-stretch.tar.gz
w3m-master-stretch.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/main.c b/main.c
index 85b0003..b99928c 100644
--- a/main.c
+++ b/main.c
@@ -5972,6 +5972,11 @@ w3m_exit(int i)
 #ifdef __MINGW32_VERSION
     WSACleanup();
 #endif
+    if (no_rc_dir && tmp_dir != rc_dir)
+	if (rmdir(tmp_dir) != 0) {
+	    fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir);
+	    exit(1);
+	}
     exit(i);
 }
 
diff --git a/rc.c b/rc.c
index 7de87b8..428241c 100644
--- a/rc.c
+++ b/rc.c
@@ -1330,6 +1330,9 @@ init_rc(void)
 	((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
 	((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
 	tmp_dir = "/tmp";
+    tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
+    if (tmp_dir == NULL)
+	tmp_dir = rc_dir;
     create_option_search_table();
     goto open_rc;
 }
author	Tatsuya Kinoshita <tats@debian.org>	2018-01-25 16:03:53 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2018-01-26 09:40:18 +0000
commit	10358a9ba68bba355bf7ba08c11715b7c26ecfc6 (patch)
tree	de41f813f112776a36938567fc9890054ac82ece
parent	Prevent invalid columnPos() call in formUpdateBuffer() (diff)
download	w3m-master-stretch.tar.gz w3m-master-stretch.zip