authorKris Kennaway <kris@FreeBSD.org>2000-11-04 22:23:19 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-11-04 22:23:19 +0000
commitb3a5f6c29dfc2c09b67dab73ff97cb6b5fcb425b (patch)
tree3834c7aee4008f438ccaf3452c1d2889bd4b42f4
parentb2be84b1995b2e0ccd8af392ffaa13cdda39c531 (diff)
Import vendor fix for insecure temporary filename creation with the
'<<' operator, reported on bugtraq by proton <proton@ENERGYMECH.NET>
Notes
Notes: svn path=/vendor/tcsh/dist/; revision=68332
-rw-r--r--contrib/tcsh/sh.dol.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/contrib/tcsh/sh.dol.c b/contrib/tcsh/sh.dol.c
index 29e5eb2a8460..4f1e9bd6b98b 100644
--- a/contrib/tcsh/sh.dol.c
+++ b/contrib/tcsh/sh.dol.c
@@ -1,4 +1,4 @@
-/* $Header: /src/pub/tcsh/sh.dol.c,v 3.40 2000/06/10 21:36:06 kim Exp $ */
+/* $Header: /src/pub/tcsh/sh.dol.c,v 3.42 2000/10/31 16:55:52 christos Exp $ */
/*
* sh.dol.c: Variable substitutions
*/
@@ -36,7 +36,7 @@
*/
#include "sh.h"
-RCSID("$Id: sh.dol.c,v 3.40 2000/06/10 21:36:06 kim Exp $")
+RCSID("$Id: sh.dol.c,v 3.42 2000/10/31 16:55:52 christos Exp $")
/*
* C shell
@@ -1017,7 +1017,7 @@ void
heredoc(term)
Char *term;
{
- register int c;
+ int c;
Char *Dv[2];
Char obuf[BUFSIZE], lbuf[BUFSIZE], mbuf[BUFSIZE];
int ocnt, lcnt, mcnt;
@@ -1025,7 +1025,9 @@ heredoc(term)
Char **vp;
bool quoted;
char *tmp;
+ struct timeval tv;
+again:
tmp = short2str(shtemp);
#ifndef O_CREAT
# define O_CREAT 0
@@ -1036,12 +1038,22 @@ heredoc(term)
#ifndef O_TEMPORARY
# define O_TEMPORARY 0
#endif
- if (open(tmp, O_RDWR|O_CREAT|O_TEMPORARY) < 0) {
- int oerrno = errno;
-
+#ifndef O_EXCL
+# define O_EXCL 0
+#endif
+ if (open(tmp, O_RDWR|O_CREAT|O_EXCL|O_TEMPORARY) == -1) {
+ int oerrno = errno;
+ if (errno == EEXIST) {
+ if (unlink(tmp) == -1) {
+ (void) gettimeofday(&tv, NULL);
+ shtemp = Strspl(STRtmpsh, putn((((int)tv.tv_sec) ^
+ ((int)tv.tv_usec) ^ ((int)doldol)) & 0x00ffffff));
+ }
+ goto again;
+ }
(void) unlink(tmp);
errno = oerrno;
- stderror(ERR_SYSTEM, tmp, strerror(errno));
+ stderror(ERR_SYSTEM, tmp, strerror(errno));
}
(void) unlink(tmp); /* 0 0 inode! */
Dv[0] = term;
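Review bot: The new `open(tmp, O_RDWR|O_CREAT|O_EXCL|O_TEMPORARY)` call still passes O_CREAT without a mode argument, so the permission bits of the here-document temp file are indeterminate and it may be created readable by other users until the `unlink` at the end of the hunk; I would change it to `if (open(tmp, O_RDWR|O_CREAT|O_EXCL|O_TEMPORARY, 0600) == -1) {`. The `goto again` path has no retry bound, so if the name keeps reappearing after a successful `unlink`, or the regenerated name also exists, heredoc() spins; a small attempt counter that falls through to the existing `stderror` call would cap that. The `# define O_EXCL 0` fallback silently removes the exclusivity this fix depends on, which deserves a comment such as `/* no O_EXCL: creation is not exclusive on this platform */`. The replacement name built from `tv_sec ^ tv_usec ^ doldol` masked to 24 bits is guessable, so the safety rests on O_EXCL alone; mkstemp(3), where available, would be the sturdier choice. heredoc() starts before and continues past this hunk, so the handling of the returned descriptor is not visible here.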