diff options
Diffstat (limited to 'security/tripwire12/files/patch-mktemp')
| -rw-r--r-- | security/tripwire12/files/patch-mktemp | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/security/tripwire12/files/patch-mktemp b/security/tripwire12/files/patch-mktemp new file mode 100644 index 000000000000..3e871d4b6e5b --- /dev/null +++ b/security/tripwire12/files/patch-mktemp @@ -0,0 +1,239 @@ +This patches replace all uses of the (potentially insecure) mktemp(3) +with a much safer tmpfile(3). + +--- src/config.parse.c Wed Jul 20 21:03:26 1994 ++++ src/config.parse.c Wed May 17 17:30:22 2000 +@@ -55,7 +55,6 @@ + #endif + + /* prototypes */ +-char *mktemp(); + static void configfile_descend(); + + #ifndef L_tmpnam +@@ -86,7 +85,6 @@ + char ignorestring[1024]; + char s[MAXPATHLEN+1024]; + char configfile[MAXPATHLEN+512]; +- char *tmpfilename; + char number[128]; + int entrynum = 0; + int err; +@@ -98,18 +96,6 @@ + if (!printpreprocess && !quietmode) + fputs("### Phase 1: Reading configuration file\n", stderr); + +- /* generate temporary file name */ +- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) { +- perror("configfile_read: malloc()"); +- exit(1); +- }; +- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE); +- +- if ((char *) mktemp(tmpfilename) == NULL) { +- perror("configfile_read: mktemp()"); +- exit(1); +- } +- + /* generate configuration file name */ + if (specified_configmode != SPECIFIED_FILE) + sprintf(configfile, "%s/%s", config_path, config_file); +@@ -149,25 +135,17 @@ + + err = umask(077); /* to protect the tempfile */ + +- if ((fpout = fopen(tmpfilename, "w+")) == NULL) { +- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile); +- perror(s); +- exit(1); +- } +- (void) umask(err); /* return it to its former state */ +- +- /* The following unlink accomplishes two things: ++ /* The use of tmpfile(3) accomplishes two things: + * 1) if the program terminates, we won't leave a temp + * file sitting around with potentially sensitive names + * in it. + * 2) the file is "hidden" while we run + */ +- if (unlink(tmpfilename) < 0) { +- perror("configfile_read: unlink()"); ++ if ((fpout = tmpfile()) == NULL) { ++ perror("tmpfile"); + exit(1); + } +- free(tmpfilename); +- ++ (void) umask(err); /* return it to its former state */ + + /* + * pass 0: preprocess file +--- src/dbase.build.c Mon Jul 25 11:24:09 1994 ++++ src/dbase.build.c Wed May 17 18:22:14 2000 +@@ -66,7 +66,6 @@ + int files_scanned_num = 0; + + /* prototypes */ +-char *mktemp(); + static void database_record_write(); + + char backupfile[MAXPATHLEN+256]; +@@ -125,17 +124,7 @@ + + /* where do we write the new database? */ + if (mode == DBASE_TEMPORARY) { +- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1); +- if (tmpfilename == NULL) +- die_with_err("malloc() failed in database_build", (char *) NULL); +- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE); +- +- if ((char *) mktemp(tmpfilename) == NULL) +- die_with_err("database_build: mktemp()", (char *) NULL); +- +- (void) strcpy(tempdatabase_file, tmpfilename); +- (void) strcpy(database, tempdatabase_file); +- free(tmpfilename); ++ /* do nothing */ + } /* end if temporary database */ + else if (mode == DBASE_UPDATE) { + sprintf(database, "./databases/%s", database_file); +@@ -224,6 +213,12 @@ + } + + /* rebuild the database */ ++ if (mode == DBASE_TEMPORARY) { ++ fpw = tmpfile(); ++ if (fpw == NULL) ++ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting", ++ NULL); ++ } else + if ((fpw = fopen(database, "w")) == NULL) + die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database); + +@@ -369,6 +364,6 @@ + +- /* we don't want to allow anyone to spoof the temporary file in /tmp */ ++ /* if the database was temporary, the file was opened by tmpfile(3) -- ++ as such, it can not be accessed by anything but this process */ + if (mode == DBASE_TEMPORARY) { +- if ((fptempdbase = freopen(database, "r", fpw)) == NULL) +- die_with_err("temporary database file disappeared?!?", database); ++ fptempdbase = fpw; + rewind(fptempdbase); +--- src/main.c Fri Aug 26 04:23:03 1994 ++++ src/main.c Wed May 17 18:01:00 2000 +@@ -108,7 +108,6 @@ + char *database_path = DATABASE_PATH; + char *config_path = CONFIG_PATH; + +-char tempdatabase_file[MAXPATHLEN+256]; + FILE *fptempdbase; + + char *defaultignore = DEFAULTIGNORE; +--- src/preen.c Mon Jul 25 11:24:11 1994 ++++ src/preen.c Wed May 17 18:22:22 2000 +@@ -37,7 +37,6 @@ + static int numentriesread = 0; /* running count of @@contents */ + + /* prototypes */ +-char *mktemp(); + static void olddbasefile_load(); + + char *updatemodes[] = { +@@ -97,9 +96,6 @@ + preen_report(interactive, ppp_updateentries); + if (!specified_configmode) + (void) fclose(fp_in); +- +- /* remove the temporary database file */ +- (void) unlink(tempdatabase_file); + + SPDEBUG(3) printf("*** leaving update_gather()\n"); + +--- src/siggen.c Mon Jul 25 11:24:12 1994 ++++ src/siggen.c Wed May 17 18:36:51 2000 +@@ -52,7 +52,6 @@ + + extern int optind; + int debuglevel = 0; +-char *mktemp(); + + int (*pf_signatures [NUM_SIGS]) () = { + SIG0FUNC, +@@ -84,7 +83,6 @@ + }; + int verbosity = 0; + int quietmode = 0; +-char *tmpfilename = NULL; + int readstdin = 0; + + +@@ -167,19 +167,6 @@ + FILE *fpout; +- /* generate temporary file name */ +- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) { +- perror("main: malloc()"); +- exit(1); +- }; +- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX"); +- +- if ((char *) mktemp(tmpfilename) == NULL) { +- perror("siggen: mktemp()"); +- exit(1); +- } + + /* output */ +- if (!(fpout = fopen(tmpfilename, "w"))) { +- char err[1024]; +- sprintf(err, "main: fopen(%s)", tmpfilename); +- perror(err); ++ if (!(fpout = tmpfile())) { ++ perror("tmpfile()"); + exit(1); +@@ -189,12 +176,6 @@ + putc(c, fpout); +- fclose(fpout); +- if ((fd = open(tmpfilename, O_RDONLY)) < 0) { +- perror("siggen: open"); +- exit(1); +- } +- if (siggen(fd) < 0) ++ rewind(fpout); ++ if (siggen(fileno(fpout)) < 0) + errors++; + +- if (fd) +- close(fd); ++ close(fd); +- unlink(tmpfilename); +--- src/utils.c Mon Jul 25 12:23:16 1994 ++++ src/utils.c Wed May 17 18:21:38 2000 +@@ -785,23 +785,15 @@ + int + fd_tempfilename_generate() + { +- char tmp[MAXPATHLEN+256]; +- int fd; ++ FILE *tmp; + +- (void) strcpy(tmp, TEMPFILE_TEMPLATE); +- if ((char *) mktemp(tmp) == NULL) { +- perror("tempfilename_generate: mktemp()"); ++ tmp = tmpfile(); ++ if (tmp == NULL) { ++ perror("tempfilename_generate: tmpfile()"); + exit(1); + } + +- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) { +- perror("tempfilename_generate: open()"); +- exit(1); +- } +- /* unlink right away to make sure no one can tamper with our file */ +- unlink(tmp); +- +- return fd; ++ return fileno(tmp); + } + + /* |