]>
Commit | Line | Data |
---|---|---|
8edf4722 | 1 | From Debian: |
2 | ||
3 | * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes: | |
4 | #303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>. | |
5 | Original patch available at | |
6 | http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2 | |
7 | ||
8 | --- bzip2-1.0.2.orig/bzip2.c | |
9 | +++ bzip2-1.0.2/bzip2.c | |
10 | @@ -312,6 +312,7 @@ | |
11 | ||
12 | static void copyFileName ( Char*, Char* ); | |
13 | static void* myMalloc ( Int32 ); | |
14 | +static int applySavedFileAttrToOutputFile ( int fd ); | |
15 | ||
16 | ||
17 | ||
18 | @@ -457,6 +458,10 @@ | |
19 | ret = fflush ( zStream ); | |
20 | if (ret == EOF) goto errhandler_io; | |
21 | if (zStream != stdout) { | |
22 | + int fd = fileno ( zStream ); | |
23 | + if (fd < 0) goto errhandler_io; | |
24 | + ret = applySavedFileAttrToOutputFile ( fd ); | |
25 | + if (ret != 0) goto errhandler_io; | |
26 | ret = fclose ( zStream ); | |
27 | outputHandleJustInCase = NULL; | |
28 | if (ret == EOF) goto errhandler_io; | |
29 | @@ -567,6 +574,12 @@ | |
30 | ||
31 | closeok: | |
32 | if (ferror(zStream)) goto errhandler_io; | |
33 | + if ( stream != stdout) { | |
34 | + int fd = fileno ( stream ); | |
35 | + if (fd < 0) goto errhandler_io; | |
36 | + ret = applySavedFileAttrToOutputFile ( fd ); | |
37 | + if (ret != 0) goto errhandler_io; | |
38 | + } | |
39 | ret = fclose ( zStream ); | |
40 | if (ret == EOF) goto errhandler_io; | |
41 | ||
42 | @@ -1125,7 +1140,7 @@ | |
43 | ||
44 | ||
45 | static | |
46 | -void applySavedMetaInfoToOutputFile ( Char *dstName ) | |
47 | +void applySavedTimeInfoToOutputFile ( Char *dstName ) | |
48 | { | |
49 | # if BZ_UNIX | |
50 | IntNative retVal; | |
51 | @@ -1134,16 +1149,26 @@ | |
52 | uTimBuf.actime = fileMetaInfo.st_atime; | |
53 | uTimBuf.modtime = fileMetaInfo.st_mtime; | |
54 | ||
55 | - retVal = chmod ( dstName, fileMetaInfo.st_mode ); | |
56 | - ERROR_IF_NOT_ZERO ( retVal ); | |
57 | - | |
58 | retVal = utime ( dstName, &uTimBuf ); | |
59 | ERROR_IF_NOT_ZERO ( retVal ); | |
60 | +# endif | |
61 | +} | |
62 | ||
63 | - retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); | |
64 | +static | |
65 | +int applySavedFileAttrToOutputFile ( int fd ) | |
66 | +{ | |
67 | +# if BZ_UNIX | |
68 | + IntNative retVal; | |
69 | + | |
70 | + retVal = fchmod ( fd, fileMetaInfo.st_mode ); | |
71 | + if (retVal != 0) | |
72 | + return retVal; | |
73 | + | |
74 | + (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); | |
75 | /* chown() will in many cases return with EPERM, which can | |
76 | be safely ignored. | |
77 | */ | |
78 | + return 0; | |
79 | # endif | |
80 | } | |
81 | ||
82 | @@ -1366,7 +1391,7 @@ | |
83 | ||
84 | /*--- If there was an I/O error, we won't get here. ---*/ | |
85 | if ( srcMode == SM_F2F ) { | |
86 | - applySavedMetaInfoToOutputFile ( outName ); | |
87 | + applySavedTimeInfoToOutputFile ( outName ); | |
88 | deleteOutputOnInterrupt = False; | |
89 | if ( !keepInputFiles ) { | |
90 | IntNative retVal = remove ( inName ); | |
91 | @@ -1544,7 +1569,7 @@ | |
92 | /*--- If there was an I/O error, we won't get here. ---*/ | |
93 | if ( magicNumberOK ) { | |
94 | if ( srcMode == SM_F2F ) { | |
95 | - applySavedMetaInfoToOutputFile ( outName ); | |
96 | + applySavedTimeInfoToOutputFile ( outName ); | |
97 | deleteOutputOnInterrupt = False; | |
98 | if ( !keepInputFiles ) { | |
99 | IntNative retVal = remove ( inName ); | |
100 | --- bzip2-1.0.2.orig/bzip2recover.c | |
101 | +++ bzip2-1.0.2/bzip2recover.c | |
102 | @@ -56,6 +56,8 @@ | |
103 | #include <errno.h> | |
104 | #include <stdlib.h> | |
105 | #include <string.h> | |
106 | +#include <fcntl.h> | |
107 | +#include <unistd.h> | |
108 | ||
109 | ||
110 | /* This program records bit locations in the file to be recovered. | |
111 | @@ -301,6 +303,19 @@ | |
112 | name[n-1] == '2'); | |
113 | } | |
114 | ||
115 | +/*---------------------------------------------*/ | |
116 | +/* Open an output file safely with O_EXCL and good permissions */ | |
117 | +FILE* fopen_output( Char* name, const char* mode ) | |
118 | +{ | |
119 | + FILE *fp; | |
120 | + int fh; | |
121 | + | |
122 | + fh = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600); | |
123 | + if (fh == -1) return NULL; | |
124 | + fp = fdopen(fh, mode); | |
125 | + if (fp == NULL) close(fh); | |
126 | + return fp; | |
127 | +} | |
128 | ||
129 | /*---------------------------------------------------*/ | |
130 | /*--- ---*/ | |
131 | @@ -338,6 +353,7 @@ | |
132 | Int32 b, wrBlock, currBlock, rbCtr; | |
133 | MaybeUInt64 bitsRead; | |
134 | ||
135 | + | |
136 | UInt32 buffHi, buffLo, blockCRC; | |
137 | Char* p; | |
138 | ||
139 | @@ -518,7 +534,7 @@ | |
140 | fprintf ( stderr, " writing block %d to `%s' ...\n", | |
141 | wrBlock+1, outFileName ); | |
142 | ||
143 | - outFile = fopen ( outFileName, "wb" ); | |
144 | + outFile = fopen_output ( outFileName, "wb" ); | |
145 | if (outFile == NULL) { | |
146 | fprintf ( stderr, "%s: can't write `%s'\n", | |
147 | progName, outFileName ); |