r15451 - gnucash/branches/2.0 - /tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.

Derek Atkins warlord at cvs.gnucash.org
Sun Jan 28 12:40:37 EST 2007


Author: warlord
Date: 2007-01-28 12:40:36 -0500 (Sun, 28 Jan 2007)
New Revision: 15451
Trac: http://svn.gnucash.org/trac/changeset/15451

Modified:
   gnucash/branches/2.0/
   gnucash/branches/2.0/ChangeLog
   gnucash/branches/2.0/lib/libqof/qof/qoflog.c
Log:
/tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
This could be a security issue if someone else, say, makes a symlink
to somewhere else.  Instead, create a tempfile and then rename it
into place which is safe against the symlink attack.
Patch by Bill Nottingham <notting at redhat.com>

Audit by hampton
Merge from r15435



Property changes on: gnucash/branches/2.0
___________________________________________________________________
Name: svk:merge
   - 3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/branches/2.0:697
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/branches/2.0:13983
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk:13282
   + 3889ce50-311e-0410-a464-f059747ec5d1:/local/gnucash/branches/2.0:697
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/branches/2.0:13993
d2ab10a8-8a95-4986-baff-8d511d9f15b2:/local/gnucash/trunk:13282

Modified: gnucash/branches/2.0/ChangeLog
===================================================================
--- gnucash/branches/2.0/ChangeLog	2007-01-28 14:13:27 UTC (rev 15450)
+++ gnucash/branches/2.0/ChangeLog	2007-01-28 17:40:36 UTC (rev 15451)
@@ -1,3 +1,11 @@
+2007-01-28  Derek Atkins  <derek at ihtfp.com>
+
+	* /tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
+	  This could be a security issue if someone else, say, makes a symlink
+	  to somewhere else.  Instead, create a tempfile and then rename it
+	  into place which is safe against the symlink attack.
+	  Patch by Bill Nottingham <notting at redhat.com>
+
 2007-01-27  Derek Atkins  <derek at ihtfp.com>
 
 	* "string-match" uses regexp which can error out if a GNC Account

Modified: gnucash/branches/2.0/lib/libqof/qof/qoflog.c
===================================================================
--- gnucash/branches/2.0/lib/libqof/qof/qoflog.c	2007-01-28 14:13:27 UTC (rev 15450)
+++ gnucash/branches/2.0/lib/libqof/qof/qoflog.c	2007-01-28 17:40:36 UTC (rev 15451)
@@ -33,6 +33,7 @@
 #warning unistd required.
 #endif
 #include <stdarg.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/time.h>
 #include "qof.h"
@@ -43,9 +44,7 @@
 #define NUM_CLOCKS 10
 
 static FILE *fout = NULL;
-static gchar* filename = NULL;
 static gchar* function_buffer = NULL;
-static const int MAX_TRACE_FILENAME = 100;
 static GHashTable *log_table = NULL;
 static gint qof_log_num_spaces = 0;
 
@@ -88,18 +87,19 @@
 void 
 qof_log_init (void)
 {
+   gchar *tempfile = "/tmp/qof.trace.XXXXXX";
+   const gchar *fname = "/tmp/qof.trace";
+
    if(!fout) /* allow qof_log_set_file */
    {
-	   fout = fopen ("/tmp/qof.trace", "w");
+       int fd;
+       if ((fd = mkstemp(tempfile)) != -1)
+       {
+	  rename(tempfile, fname);
+	  fout = fdopen(fd, "w");
+       }
    }
 
-   if(!fout && (filename = (gchar *)g_malloc(MAX_TRACE_FILENAME))) {
-      snprintf(filename, MAX_TRACE_FILENAME-1, "/tmp/qof.trace.%d", 
-	       getpid());
-      fout = fopen (filename, "w");
-      g_free(filename);
-   }
-
    if(!fout)
       fout = stderr;
 
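Review bot: `tempfile` points at a string literal, and `mkstemp()` overwrites the `XXXXXX` suffix in place, so the call writes to storage that is read-only on most platforms and is undefined behaviour; a writable array, `gchar tempfile[] = "/tmp/qof.trace.XXXXXX";`, fixes it. The return values of `rename()` and `fdopen()` are also ignored, here and in the qof_log_set_file hunk below: in a sticky /tmp `rename()` fails when another user already owns the target, leaving the log under the random name, and a NULL from `fdopen()` leaks the descriptor. The sketch below closes the descriptor and removes the temp file on those paths so the existing stderr fallback takes over; it assumes `close()` and `unlink()` are available through the unistd include guarded above. qof_log_init's body continues past the end of the hunk.

```c
   gchar tempfile[] = "/tmp/qof.trace.XXXXXX"; /* writable: mkstemp() edits it in place */
   const gchar *fname = "/tmp/qof.trace";

   if(!fout) /* allow qof_log_set_file */
   {
       int fd = mkstemp(tempfile);
       if (fd != -1)
       {
          if (rename(tempfile, fname) == 0)
             fout = fdopen(fd, "w");
          else
             unlink(tempfile);   /* do not leave the random name behind */
          if (!fout)
             close(fd);          /* rename or fdopen failed: release the descriptor */
       }
   }
   /* … unchanged: stderr fallback … */
```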
@@ -152,8 +152,19 @@
 	}
 	else
 	{
-		filename = g_strdup(logfilename);
-		fout = fopen(filename, "w");
+	        gchar *fname = g_strconcat(logfilename, ".XXXXXX", NULL);
+		int fd;
+
+		if ((fd = mkstemp(fname)) != -1)
+		{
+                       rename(fname, logfilename);
+                       fout = fdopen(fd, "w");
+                }
+		else
+		{
+                       fout = stderr;
+		}
+		g_free(fname);
 	}
 	qof_log_init();
 }
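Review bot: The mkstemp/rename sequence added in the else branch carries no comment explaining why the log is not simply opened with `fopen()`, which invites a later cleanup back to the form this commit removes. A short comment above `mkstemp(fname)` would record the intent, for example `/* Create the file privately, then rename(): a symlink planted at logfilename is replaced, not followed. */`. The added lines also mix tabs and spaces for indentation, so the `rename`/`fdopen` pair does not line up with the surrounding block in most editors. The enclosing function starts above the hunk.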
@@ -162,7 +173,6 @@
 qof_log_shutdown (void)
 {
 	if(fout && fout != stderr) { fclose(fout); }
-	if(filename) { g_free(filename); }
 	if(function_buffer) { g_free(function_buffer); }
 	g_hash_table_destroy(log_table);
 }


