From Debian: * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes: #303300. Patch by Santiago Ruano Rincon . Original patch available at http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2 --- bzip2-1.0.2.orig/bzip2.c +++ bzip2-1.0.2/bzip2.c @@ -312,6 +312,7 @@ static void copyFileName ( Char*, Char* ); static void* myMalloc ( Int32 ); +static int applySavedFileAttrToOutputFile ( int fd ); @@ -457,6 +458,10 @@ ret = fflush ( zStream ); if (ret == EOF) goto errhandler_io; if (zStream != stdout) { + int fd = fileno ( zStream ); + if (fd < 0) goto errhandler_io; + ret = applySavedFileAttrToOutputFile ( fd ); + if (ret != 0) goto errhandler_io; ret = fclose ( zStream ); outputHandleJustInCase = NULL; if (ret == EOF) goto errhandler_io; @@ -567,6 +574,12 @@ closeok: if (ferror(zStream)) goto errhandler_io; + if ( stream != stdout) { + int fd = fileno ( stream ); + if (fd < 0) goto errhandler_io; + ret = applySavedFileAttrToOutputFile ( fd ); + if (ret != 0) goto errhandler_io; + } ret = fclose ( zStream ); if (ret == EOF) goto errhandler_io; @@ -1125,7 +1140,7 @@ static -void applySavedMetaInfoToOutputFile ( Char *dstName ) +void applySavedTimeInfoToOutputFile ( Char *dstName ) { # if BZ_UNIX IntNative retVal; @@ -1134,16 +1149,26 @@ uTimBuf.actime = fileMetaInfo.st_atime; uTimBuf.modtime = fileMetaInfo.st_mtime; - retVal = chmod ( dstName, fileMetaInfo.st_mode ); - ERROR_IF_NOT_ZERO ( retVal ); - retVal = utime ( dstName, &uTimBuf ); ERROR_IF_NOT_ZERO ( retVal ); +# endif +} - retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); +static +int applySavedFileAttrToOutputFile ( int fd ) +{ +# if BZ_UNIX + IntNative retVal; + + retVal = fchmod ( fd, fileMetaInfo.st_mode ); + if (retVal != 0) + return retVal; + + (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); /* chown() will in many cases return with EPERM, which can be safely ignored. */ + return 0; # endif } @@ -1366,7 +1391,7 @@ /*--- If there was an I/O error, we won't get here. ---*/ if ( srcMode == SM_F2F ) { - applySavedMetaInfoToOutputFile ( outName ); + applySavedTimeInfoToOutputFile ( outName ); deleteOutputOnInterrupt = False; if ( !keepInputFiles ) { IntNative retVal = remove ( inName ); @@ -1544,7 +1569,7 @@ /*--- If there was an I/O error, we won't get here. ---*/ if ( magicNumberOK ) { if ( srcMode == SM_F2F ) { - applySavedMetaInfoToOutputFile ( outName ); + applySavedTimeInfoToOutputFile ( outName ); deleteOutputOnInterrupt = False; if ( !keepInputFiles ) { IntNative retVal = remove ( inName ); --- bzip2-1.0.2.orig/bzip2recover.c +++ bzip2-1.0.2/bzip2recover.c @@ -56,6 +56,8 @@ #include #include #include +#include +#include /* This program records bit locations in the file to be recovered. @@ -301,6 +303,19 @@ name[n-1] == '2'); } +/*---------------------------------------------*/ +/* Open an output file safely with O_EXCL and good permissions */ +FILE* fopen_output( Char* name, const char* mode ) +{ + FILE *fp; + int fh; + + fh = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600); + if (fh == -1) return NULL; + fp = fdopen(fh, mode); + if (fp == NULL) close(fh); + return fp; +} /*---------------------------------------------------*/ /*--- ---*/ @@ -338,6 +353,7 @@ Int32 b, wrBlock, currBlock, rbCtr; MaybeUInt64 bitsRead; + UInt32 buffHi, buffLo, blockCRC; Char* p; @@ -518,7 +534,7 @@ fprintf ( stderr, " writing block %d to `%s' ...\n", wrBlock+1, outFileName ); - outFile = fopen ( outFileName, "wb" ); + outFile = fopen_output ( outFileName, "wb" ); if (outFile == NULL) { fprintf ( stderr, "%s: can't write `%s'\n", progName, outFileName );