AUDIT: r15435 - gnucash/trunk - /tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.

[Derek Atkins]

Author: warlord
Date: 2007-01-27 22:16:39 -0500 (Sat, 27 Jan 2007)
New Revision: 15435
Trac: http://svn.gnucash.org/trac/changeset/15435

Modified:
   gnucash/trunk/
   gnucash/trunk/lib/libqof/qof/qoflog.c
Log:
/tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
This could be a security issue if someone else, say, makes a symlink
to somewhere else.  Instead, create a tempfile and then rename it
into place which is safe against the symlink attack.
Patch by Bill Nottingham <notting at redhat.com>
BP




Property changes on: gnucash/trunk
___________________________________________________________________
Name: svk:merge
   - 3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/branches/swig-redo:802
3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/trunk:1037
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk:13930
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk2:13366
   + 3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/branches/swig-redo:802
3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/trunk:1037
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk:13965
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk2:13366

Modified: gnucash/trunk/lib/libqof/qof/qoflog.c
===================================================================
--- gnucash/trunk/lib/libqof/qof/qoflog.c	2007-01-27 12:53:51 UTC (rev 15434)
+++ gnucash/trunk/lib/libqof/qof/qoflog.c	2007-01-28 03:16:39 UTC (rev 15435)
@@ -34,6 +34,7 @@
 #warning unistd required.
 #endif
 #include <stdarg.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/time.h>
 #include "qof.h"
@@ -44,9 +45,7 @@
 #define NUM_CLOCKS 10
 
 static FILE *fout = NULL;
-static gchar* filename = NULL;
 static gchar* function_buffer = NULL;
-static const int MAX_TRACE_FILENAME = 100;
 static GHashTable *log_table = NULL;
 static gint qof_log_num_spaces = 0;
 
@@ -89,18 +88,19 @@
 void 
 qof_log_init (void)
 {
+   gchar *tempfile = "/tmp/qof.trace.XXXXXX";
+   const gchar *fname = "/tmp/qof.trace";
+
    if(!fout) /* allow qof_log_set_file */
    {
-	   fout = g_fopen ("/tmp/qof.trace", "w");
+       int fd;
+       if ((fd = mkstemp(tempfile)) != -1)
+       {
+	  rename(tempfile, fname);
+	  fout = fdopen(fd, "w");
+       }
    }
 
-   if(!fout && (filename = (gchar *)g_malloc(MAX_TRACE_FILENAME))) {
-      snprintf(filename, MAX_TRACE_FILENAME-1, "/tmp/qof.trace.%d", 
-	       getpid());
-      fout = g_fopen (filename, "w");
-      g_free(filename);
-   }
-
    if(!fout)
       fout = stderr;
 
@@ -153,8 +153,19 @@
 	}
 	else
 	{
-		filename = g_strdup(logfilename);
-		fout = g_fopen(filename, "w");
+	        gchar *fname = g_strconcat(logfilename, ".XXXXXX", NULL);
+		int fd;
+
+		if ((fd = mkstemp(fname)) != -1)
+		{
+                       rename(fname, logfilename);
+                       fout = fdopen(fd, "w");
+                }
+		else
+		{
+                       fout = stderr;
+		}
+		g_free(fname);
 	}
 	qof_log_init();
 }
@@ -163,7 +174,6 @@
 qof_log_shutdown (void)
 {
 	if(fout && fout != stderr) { fclose(fout); }
-	if(filename) { g_free(filename); }
 	if(function_buffer) { g_free(function_buffer); }
 	g_hash_table_destroy(log_table);
 }