author | Tatsuya Kinoshita <tats@debian.org> | 2018-01-26 09:49:25 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2018-01-26 09:49:25 +0000 |
commit | ddbf251840c7151f4befec53e3b6ebe6aba08aae (patch) | |
tree | c77340ccb636da2e98c7d49d9b81424678c27651 /debian/patches | |
parent | New patch 956_columnpos.patch to fix null deref [CVE-2018-6197] (diff) | |
New patch 957_mkdtemp.patch to fix /tmp file races [CVE-2018-6198]
(closes: #888097)
Diffstat (limited to '')
-rw-r--r-- | debian/patches/957_mkdtemp.patch | 35 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 36 insertions, 0 deletions
diff --git a/debian/patches/957_mkdtemp.patch b/debian/patches/957_mkdtemp.patch
new file mode 100644
index 0000000..7581a69
--- /dev/null
+++ b/debian/patches/957_mkdtemp.patch
@@ -0,0 +1,35 @@
+Subject: Make temporary directory safely when ~/.w3m is unwritable
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 [CVE-2018-6198]
+Origin: https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
+
+diff --git a/main.c b/main.c
+index 85b0003..b99928c 100644
+--- a/main.c
++++ b/main.c
+@@ -5972,6 +5972,11 @@ w3m_exit(int i)
+ #ifdef __MINGW32_VERSION
+ WSACleanup();
+ #endif
++ if (no_rc_dir && tmp_dir != rc_dir)
++ if (rmdir(tmp_dir) != 0) {
++ fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir);
++ exit(1);
++ }
+ exit(i);
+ }
+
+diff --git a/rc.c b/rc.c
+index 7de87b8..428241c 100644
+--- a/rc.c
++++ b/rc.c
+@@ -1330,6 +1330,9 @@ init_rc(void)
+ ((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
+ ((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
+ tmp_dir = "/tmp";
++ tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
++ if (tmp_dir == NULL)
++ tmp_dir = rc_dir;
+ create_option_search_table();
+ goto open_rc;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 3600e96..8cedc6a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 020_debian.patch
 955_tbl-indent.patch
 956_columnpos.patch
+957_mkdtemp.patch |
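Review bot: In the rc.c hunk a failed `mkdtemp()` is swallowed: `tmp_dir` silently becomes `rc_dir`, which on this path is presumably the directory that was just found unusable (the subject line says ~/.w3m is unwritable), so later temp-file creation would fail with nothing pointing at the cause. Not returning to the shared /tmp looks like the right fail-closed choice for this fix, but it deserves a diagnostic before the fallback, e.g. `fprintf(stderr, "Can't create temporary directory (%s)!\n", strerror(errno));` (assuming `<errno.h>` and `<string.h>` are in scope in rc.c), plus a comment such as `/* never fall back to the shared /tmp; see CVE-2018-6198 */`. In the main.c hunk, `rmdir()` fails if any file is still present in the directory, and `exit(1)` then replaces the caller's status `i`; whether temp files are removed earlier in w3m_exit() is outside the hunk, so the message there should also report `strerror(errno)`. The `tmp_dir != rc_dir` test is a pointer comparison that only works because of the fallback assignment in init_rc(), which merits a one-line comment, and the outer `if` should get braces so a later `else` cannot bind to the wrong branch.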