[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

misc/mc Patches



Here are three patches for /usr/ports/misc/mc in case anyone with
access to the ports tree cares to add them.

These patches clean up the remaining tmpnam() problems. There still
remains one use of tempnam() but it looks innocuous.

I don't know if this is enough to un-mark the port BROKEN. The
previous gone-missing maintainer seems to have anticipated a
full security audit.

--
Jack J. Woehr                 # Ceterum censeo
PO Box 51, Golden, CO 80402   # in herbas belli
http://www.softwoehr.com      # ab idem desistamus.


*** vfs/tar.c.orig	Mon May 25 04:16:04 1998
--- vfs/tar.c	Sat Apr 14 01:44:59 2001
***************
*** 339,355 ****
--- 339,378 ----
  					int size, int fd, int type)
  {
      FILE *f;
+ #ifdef __OpenBSD__
+     int tmp_fd; 
+ #endif
      char *command;
      int i, result;
      int dash_number = 0;
      char buffer [8192];	/* Changed to 8K: better transfer size */
      
      current_archive->is_gzipped = tar_uncompressed_local;
+ 
+ #ifdef __OpenBSD__
+ #define TEMPFILE       "/tmp/mcXXXXXXXXXX"
+     current_archive->tmpname = strdup (TEMPFILE);
+     tmp_fd = mkstemp(current_archive->tmpname);
+ 
+     if (-1 == tmp_fd) {
+ 	mc_close (fd);
+ 	free_archive (current_archive);
+ 	return -1;
+     }
+ 
+     close(tmp_fd);
+ 
+     /* Some security is sometimes neccessary :) */
+     /* But mkstemp() obviates the need to "touch" the tmpname file. */
+     command = copy_strings ( ///// "touch ", current_archive->tmpname,
+                              ///// " ; chmod 0600 ", current_archive->tmpname, " ; ",
+ #else
      current_archive->tmpname = strdup (tmpnam (NULL));
      
      /* Some security is sometimes neccessary :) */        
      command = copy_strings ("touch ", current_archive->tmpname,
  			    " ; chmod 0600 ", current_archive->tmpname, " ; ",
+ #endif
  			    decompress_command (type),
  			    "2>/dev/null >", current_archive->tmpname, NULL);
      
*** vfs/extfs.c.orig	Sat Apr 14 01:32:15 2001
--- vfs/extfs.c	Sat Apr 14 01:43:52 2001
***************
*** 749,755 ****
--- 749,761 ----
      if (entry->inode->local_filename == NULL) {
          char *cmd, *archive_name;
          
+ #ifdef __OpenBSD__
+ #define TEMPFILE       "/tmp/mcXXXXXXXXXX"
+         entry->inode->local_filename = strdup (TEMPFILE);
+         close(mkstemp(entry->inode->local_filename));
+ #else
          entry->inode->local_filename = strdup (tmpnam (NULL));
+ #endif
  	p = extfs_get_path_from_entry (entry);
  	q = name_quote (p, 0);
  	free (p);
*** vfs/ftpfs.c.orig	Sat Apr 14 01:47:44 2001
--- vfs/ftpfs.c	Sat Apr 14 02:16:09 2001
***************
*** 1744,1754 ****
--- 1744,1771 ----
      int total, tmp_reget = do_reget;
      char buffer[8192];
      int local_handle, sock, n;
+ #ifdef __OpenBSD__
+     int tmp_fd;
+ #endif
      
      if (fe->local_filename)
          return 1;
      fe->local_stat.st_mtime = 0;
+ 
+ #ifdef __OpenBSD__
+ #define TEMPFILE       "/tmp/mcXXXXXXXXXX"
+     fe->local_filename = strdup(TEMPFILE);
+     tmp_fd = mkstemp(fe->local_filename);
+     if (-1 == tmp_fd) {
+       free(fe->local_filename);
+       fe->local_filename = NULL;
+     }
+     else {
+       close(tmp_fd);
+     }
+ #else
      fe->local_filename = strdup(tmpnam(NULL));
+ #endif
      fe->local_is_temp = 1;
      if (fe->local_filename == NULL) {
  	ftpfserrno = ENOMEM;
***************
*** 1851,1856 ****
--- 1868,1876 ----
      struct linklist *file_list, *lptr;
      struct ftpfs_dir *dcache;
      struct stat sb;
+ #ifdef __OpenBSD__
+     int tmp_fd;
+ #endif
  
      p = strrchr(file_name, '/');
      q = *p;
***************
*** 1911,1917 ****
--- 1931,1949 ----
  			ent->local_filename = 0;
  		    }
  		    if (flags & O_TRUNC) {
+ #ifdef __OpenBSD__
+ 			ent->local_filename = strdup(TEMPFILE);
+                         tmp_fd = mkstemp(ent->local_filename);
+                         if (-1 == tmp_fd) {
+                           free(ent->local_filename);
+                           ent->local_filename = NULL;
+ 	                }
+ 			else {
+ 			  close(tmp_fd);
+ 			}
+ #else
  			ent->local_filename = strdup(tmpnam(NULL));
+ #endif
  			if (ent->local_filename == NULL) {
  			    ftpfserrno = ENOMEM;
  			    return NULL;
***************
*** 1964,1970 ****
--- 1996,2014 ----
  	ent->bucket = bucket;
  	ent->name = strdup(p);
  	ent->remote_filename = strdup(file_name);
+ #ifdef __OpenBSD__
+ 	ent->local_filename = strdup(TEMPFILE);
+ 	tmp_fd = mkstemp(ent->local_filename);
+ 	if (-1 == tmp_fd) {
+ 	  free(ent->local_filename);
+ 	  ent->local_filename = NULL;
+ 	}
+ 	else {
+ 	  close(tmp_fd);
+ 	}
+ #else
  	ent->local_filename = strdup(tmpnam(NULL));
+ #endif
  	if (!ent->name && !ent->remote_filename && !ent->local_filename) {
  	    ftpentry_destructor(ent);
  	    ftpfserrno = ENOMEM;