3 * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
4 #303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>.
5 Original patch available at
6 http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2
8 --- bzip2-1.0.2.orig/bzip2.c
9 +++ bzip2-1.0.2/bzip2.c
12 static void copyFileName ( Char*, Char* );
13 static void* myMalloc ( Int32 );
14 +static int applySavedFileAttrToOutputFile ( int fd );
19 ret = fflush ( zStream );
20 if (ret == EOF) goto errhandler_io;
21 if (zStream != stdout) {
22 + int fd = fileno ( zStream );
23 + if (fd < 0) goto errhandler_io;
24 + ret = applySavedFileAttrToOutputFile ( fd );
25 + if (ret != 0) goto errhandler_io;
26 ret = fclose ( zStream );
27 outputHandleJustInCase = NULL;
28 if (ret == EOF) goto errhandler_io;
32 if (ferror(zStream)) goto errhandler_io;
33 + if ( stream != stdout) {
34 + int fd = fileno ( stream );
35 + if (fd < 0) goto errhandler_io;
36 + ret = applySavedFileAttrToOutputFile ( fd );
37 + if (ret != 0) goto errhandler_io;
39 ret = fclose ( zStream );
40 if (ret == EOF) goto errhandler_io;
46 -void applySavedMetaInfoToOutputFile ( Char *dstName )
47 +void applySavedTimeInfoToOutputFile ( Char *dstName )
51 @@ -1134,16 +1149,26 @@
52 uTimBuf.actime = fileMetaInfo.st_atime;
53 uTimBuf.modtime = fileMetaInfo.st_mtime;
55 - retVal = chmod ( dstName, fileMetaInfo.st_mode );
56 - ERROR_IF_NOT_ZERO ( retVal );
58 retVal = utime ( dstName, &uTimBuf );
59 ERROR_IF_NOT_ZERO ( retVal );
63 - retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
65 +int applySavedFileAttrToOutputFile ( int fd )
70 + retVal = fchmod ( fd, fileMetaInfo.st_mode );
74 + (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
75 /* chown() will in many cases return with EPERM, which can
84 /*--- If there was an I/O error, we won't get here. ---*/
85 if ( srcMode == SM_F2F ) {
86 - applySavedMetaInfoToOutputFile ( outName );
87 + applySavedTimeInfoToOutputFile ( outName );
88 deleteOutputOnInterrupt = False;
89 if ( !keepInputFiles ) {
90 IntNative retVal = remove ( inName );
92 /*--- If there was an I/O error, we won't get here. ---*/
93 if ( magicNumberOK ) {
94 if ( srcMode == SM_F2F ) {
95 - applySavedMetaInfoToOutputFile ( outName );
96 + applySavedTimeInfoToOutputFile ( outName );
97 deleteOutputOnInterrupt = False;
98 if ( !keepInputFiles ) {
99 IntNative retVal = remove ( inName );
100 --- bzip2-1.0.2.orig/bzip2recover.c
101 +++ bzip2-1.0.2/bzip2recover.c
110 /* This program records bit locations in the file to be recovered.
115 +/*---------------------------------------------*/
116 +/* Open an output file safely with O_EXCL and good permissions */
117 +FILE* fopen_output( Char* name, const char* mode )
122 + fh = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600);
123 + if (fh == -1) return NULL;
124 + fp = fdopen(fh, mode);
125 + if (fp == NULL) close(fh);
129 /*---------------------------------------------------*/
132 Int32 b, wrBlock, currBlock, rbCtr;
133 MaybeUInt64 bitsRead;
136 UInt32 buffHi, buffLo, blockCRC;
140 fprintf ( stderr, " writing block %d to `%s' ...\n",
141 wrBlock+1, outFileName );
143 - outFile = fopen ( outFileName, "wb" );
144 + outFile = fopen_output ( outFileName, "wb" );
145 if (outFile == NULL) {
146 fprintf ( stderr, "%s: can't write `%s'\n",
147 progName, outFileName );