aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2018-01-25 16:03:53 +0000
committerTatsuya Kinoshita <tats@debian.org>2018-01-26 09:40:18 +0000
commit10358a9ba68bba355bf7ba08c11715b7c26ecfc6 (patch)
treede41f813f112776a36938567fc9890054ac82ece
parentPrevent invalid columnPos() call in formUpdateBuffer() (diff)
downloadw3m-0.5.3+git20170102+deb9u1.tar.gz
w3m-0.5.3+git20170102+deb9u1.zip
Make temporary directory safely when ~/.w3m is unwritablev0.5.3+git20170102+deb9u1master-stretch
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 [CVE-2018-6198]
-rw-r--r--main.c5
-rw-r--r--rc.c3
2 files changed, 8 insertions, 0 deletions
diff --git a/main.c b/main.c
index 85b0003..b99928c 100644
--- a/main.c
+++ b/main.c
@@ -5972,6 +5972,11 @@ w3m_exit(int i)
#ifdef __MINGW32_VERSION
WSACleanup();
#endif
+ if (no_rc_dir && tmp_dir != rc_dir)
+ if (rmdir(tmp_dir) != 0) {
+ fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir);
+ exit(1);
+ }
exit(i);
}
diff --git a/rc.c b/rc.c
index 7de87b8..428241c 100644
--- a/rc.c
+++ b/rc.c
@@ -1330,6 +1330,9 @@ init_rc(void)
((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
tmp_dir = "/tmp";
+ tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
+ if (tmp_dir == NULL)
+ tmp_dir = rc_dir;
create_option_search_table();
goto open_rc;
}