1f521b7055
* gnu/packages/mp3.scm (id3lib)[source]: Add patch. * gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable. * gnu/local.mk (dist_patch_DATA): Add it.
54 lines
1.6 KiB
Diff
54 lines
1.6 KiB
Diff
This patch fixes an issues where temporary files were created in an insecure
|
|
way.
|
|
|
|
It was first intruduced in version 3.8.3-7 and fixes
|
|
http://bugs.debian.org/438540
|
|
--- a/src/tag_file.cpp
|
|
+++ b/src/tag_file.cpp
|
|
@@ -242,8 +242,8 @@
|
|
strcpy(sTempFile, filename.c_str());
|
|
strcat(sTempFile, sTmpSuffix.c_str());
|
|
|
|
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
- // This section is for Windows folk && gcc 3.x folk
|
|
+#if !defined(HAVE_MKSTEMP)
|
|
+ // This section is for Windows folk
|
|
fstream tmpOut;
|
|
createFile(sTempFile, tmpOut);
|
|
|
|
@@ -257,7 +257,7 @@
|
|
tmpOut.write((char *)tmpBuffer, nBytes);
|
|
}
|
|
|
|
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
+#else //!defined(HAVE_MKSTEMP)
|
|
|
|
// else we gotta make a temp file, copy the tag into it, copy the
|
|
// rest of the old file after the tag, delete the old file, rename
|
|
@@ -270,7 +270,7 @@
|
|
//ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
|
|
}
|
|
|
|
- ofstream tmpOut(fd);
|
|
+ ofstream tmpOut(sTempFile);
|
|
if (!tmpOut)
|
|
{
|
|
tmpOut.close();
|
|
@@ -285,14 +285,14 @@
|
|
uchar tmpBuffer[BUFSIZ];
|
|
while (file)
|
|
{
|
|
- file.read(tmpBuffer, BUFSIZ);
|
|
+ file.read((char *)tmpBuffer, BUFSIZ);
|
|
size_t nBytes = file.gcount();
|
|
- tmpOut.write(tmpBuffer, nBytes);
|
|
+ tmpOut.write((char *)tmpBuffer, nBytes);
|
|
}
|
|
|
|
close(fd); //closes the file
|
|
|
|
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
+#endif ////!defined(HAVE_MKSTEMP)
|
|
|
|
tmpOut.close();
|
|
file.close();
|