diff options
Diffstat (limited to 'security/tripwire12/files/patch-mktemp')
| -rw-r--r-- | security/tripwire12/files/patch-mktemp | 239 |
1 files changed, 0 insertions, 239 deletions
diff --git a/security/tripwire12/files/patch-mktemp b/security/tripwire12/files/patch-mktemp deleted file mode 100644 index 3e871d4b6e5b..000000000000 --- a/security/tripwire12/files/patch-mktemp +++ /dev/null @@ -1,239 +0,0 @@ -This patches replace all uses of the (potentially insecure) mktemp(3) -with a much safer tmpfile(3). - ---- src/config.parse.c Wed Jul 20 21:03:26 1994 -+++ src/config.parse.c Wed May 17 17:30:22 2000 -@@ -55,7 +55,6 @@ - #endif - - /* prototypes */ --char *mktemp(); - static void configfile_descend(); - - #ifndef L_tmpnam -@@ -86,7 +85,6 @@ - char ignorestring[1024]; - char s[MAXPATHLEN+1024]; - char configfile[MAXPATHLEN+512]; -- char *tmpfilename; - char number[128]; - int entrynum = 0; - int err; -@@ -98,18 +96,6 @@ - if (!printpreprocess && !quietmode) - fputs("### Phase 1: Reading configuration file\n", stderr); - -- /* generate temporary file name */ -- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) { -- perror("configfile_read: malloc()"); -- exit(1); -- }; -- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE); -- -- if ((char *) mktemp(tmpfilename) == NULL) { -- perror("configfile_read: mktemp()"); -- exit(1); -- } -- - /* generate configuration file name */ - if (specified_configmode != SPECIFIED_FILE) - sprintf(configfile, "%s/%s", config_path, config_file); -@@ -149,25 +135,17 @@ - - err = umask(077); /* to protect the tempfile */ - -- if ((fpout = fopen(tmpfilename, "w+")) == NULL) { -- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile); -- perror(s); -- exit(1); -- } -- (void) umask(err); /* return it to its former state */ -- -- /* The following unlink accomplishes two things: -+ /* The use of tmpfile(3) accomplishes two things: - * 1) if the program terminates, we won't leave a temp - * file sitting around with potentially sensitive names - * in it. - * 2) the file is "hidden" while we run - */ -- if (unlink(tmpfilename) < 0) { -- perror("configfile_read: unlink()"); -+ if ((fpout = tmpfile()) == NULL) { -+ perror("tmpfile"); - exit(1); - } -- free(tmpfilename); -- -+ (void) umask(err); /* return it to its former state */ - - /* - * pass 0: preprocess file ---- src/dbase.build.c Mon Jul 25 11:24:09 1994 -+++ src/dbase.build.c Wed May 17 18:22:14 2000 -@@ -66,7 +66,6 @@ - int files_scanned_num = 0; - - /* prototypes */ --char *mktemp(); - static void database_record_write(); - - char backupfile[MAXPATHLEN+256]; -@@ -125,17 +124,7 @@ - - /* where do we write the new database? */ - if (mode == DBASE_TEMPORARY) { -- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1); -- if (tmpfilename == NULL) -- die_with_err("malloc() failed in database_build", (char *) NULL); -- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE); -- -- if ((char *) mktemp(tmpfilename) == NULL) -- die_with_err("database_build: mktemp()", (char *) NULL); -- -- (void) strcpy(tempdatabase_file, tmpfilename); -- (void) strcpy(database, tempdatabase_file); -- free(tmpfilename); -+ /* do nothing */ - } /* end if temporary database */ - else if (mode == DBASE_UPDATE) { - sprintf(database, "./databases/%s", database_file); -@@ -224,6 +213,12 @@ - } - - /* rebuild the database */ -+ if (mode == DBASE_TEMPORARY) { -+ fpw = tmpfile(); -+ if (fpw == NULL) -+ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting", -+ NULL); -+ } else - if ((fpw = fopen(database, "w")) == NULL) - die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database); - -@@ -369,6 +364,6 @@ - -- /* we don't want to allow anyone to spoof the temporary file in /tmp */ -+ /* if the database was temporary, the file was opened by tmpfile(3) -- -+ as such, it can not be accessed by anything but this process */ - if (mode == DBASE_TEMPORARY) { -- if ((fptempdbase = freopen(database, "r", fpw)) == NULL) -- die_with_err("temporary database file disappeared?!?", database); -+ fptempdbase = fpw; - rewind(fptempdbase); ---- src/main.c Fri Aug 26 04:23:03 1994 -+++ src/main.c Wed May 17 18:01:00 2000 -@@ -108,7 +108,6 @@ - char *database_path = DATABASE_PATH; - char *config_path = CONFIG_PATH; - --char tempdatabase_file[MAXPATHLEN+256]; - FILE *fptempdbase; - - char *defaultignore = DEFAULTIGNORE; ---- src/preen.c Mon Jul 25 11:24:11 1994 -+++ src/preen.c Wed May 17 18:22:22 2000 -@@ -37,7 +37,6 @@ - static int numentriesread = 0; /* running count of @@contents */ - - /* prototypes */ --char *mktemp(); - static void olddbasefile_load(); - - char *updatemodes[] = { -@@ -97,9 +96,6 @@ - preen_report(interactive, ppp_updateentries); - if (!specified_configmode) - (void) fclose(fp_in); -- -- /* remove the temporary database file */ -- (void) unlink(tempdatabase_file); - - SPDEBUG(3) printf("*** leaving update_gather()\n"); - ---- src/siggen.c Mon Jul 25 11:24:12 1994 -+++ src/siggen.c Wed May 17 18:36:51 2000 -@@ -52,7 +52,6 @@ - - extern int optind; - int debuglevel = 0; --char *mktemp(); - - int (*pf_signatures [NUM_SIGS]) () = { - SIG0FUNC, -@@ -84,7 +83,6 @@ - }; - int verbosity = 0; - int quietmode = 0; --char *tmpfilename = NULL; - int readstdin = 0; - - -@@ -167,19 +167,6 @@ - FILE *fpout; -- /* generate temporary file name */ -- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) { -- perror("main: malloc()"); -- exit(1); -- }; -- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX"); -- -- if ((char *) mktemp(tmpfilename) == NULL) { -- perror("siggen: mktemp()"); -- exit(1); -- } - - /* output */ -- if (!(fpout = fopen(tmpfilename, "w"))) { -- char err[1024]; -- sprintf(err, "main: fopen(%s)", tmpfilename); -- perror(err); -+ if (!(fpout = tmpfile())) { -+ perror("tmpfile()"); - exit(1); -@@ -189,12 +176,6 @@ - putc(c, fpout); -- fclose(fpout); -- if ((fd = open(tmpfilename, O_RDONLY)) < 0) { -- perror("siggen: open"); -- exit(1); -- } -- if (siggen(fd) < 0) -+ rewind(fpout); -+ if (siggen(fileno(fpout)) < 0) - errors++; - -- if (fd) -- close(fd); -+ close(fd); -- unlink(tmpfilename); ---- src/utils.c Mon Jul 25 12:23:16 1994 -+++ src/utils.c Wed May 17 18:21:38 2000 -@@ -785,23 +785,15 @@ - int - fd_tempfilename_generate() - { -- char tmp[MAXPATHLEN+256]; -- int fd; -+ FILE *tmp; - -- (void) strcpy(tmp, TEMPFILE_TEMPLATE); -- if ((char *) mktemp(tmp) == NULL) { -- perror("tempfilename_generate: mktemp()"); -+ tmp = tmpfile(); -+ if (tmp == NULL) { -+ perror("tempfilename_generate: tmpfile()"); - exit(1); - } - -- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) { -- perror("tempfilename_generate: open()"); -- exit(1); -- } -- /* unlink right away to make sure no one can tamper with our file */ -- unlink(tmp); -- -- return fd; -+ return fileno(tmp); - } - - /* |