Make temporary directory safely when ~/.w3m is unwritablev0.5.3+git20170102+deb9u1 master-stretch

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 [CVE-2018-6198]
author: Tatsuya Kinoshita <tats@debian.org> 2018-01-25 16:03:53 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2018-01-26 09:40:18 +0000
commit: 10358a9ba68bba355bf7ba08c11715b7c26ecfc6 (patch)
tree: de41f813f112776a36938567fc9890054ac82ece /rc.c
parent: Prevent invalid columnPos() call in formUpdateBuffer() (diff)
download: w3m-10358a9ba68bba355bf7ba08c11715b7c26ecfc6.tar.gz
w3m-10358a9ba68bba355bf7ba08c11715b7c26ecfc6.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/rc.c b/rc.c
index 7de87b8..428241c 100644
--- a/rc.c
+++ b/rc.c
@@ -1330,6 +1330,9 @@ init_rc(void)
 	((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
 	((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
 	tmp_dir = "/tmp";
+    tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
+    if (tmp_dir == NULL)
+	tmp_dir = rc_dir;
     create_option_search_table();
     goto open_rc;
 }
author	Tatsuya Kinoshita <tats@debian.org>	2018-01-25 16:03:53 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2018-01-26 09:40:18 +0000
commit	10358a9ba68bba355bf7ba08c11715b7c26ecfc6 (patch)
tree	de41f813f112776a36938567fc9890054ac82ece /rc.c
parent	Prevent invalid columnPos() call in formUpdateBuffer() (diff)
download	w3m-10358a9ba68bba355bf7ba08c11715b7c26ecfc6.tar.gz w3m-10358a9ba68bba355bf7ba08c11715b7c26ecfc6.zip