slackbuilds_ponce/network/thttpd/patches/fix-insecure-tmp-creation-CVE-2005-3124.diff

20 lines
724 B
Diff
Raw Normal View History

diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
--- thttpd-2.23beta1.orig/extras/syslogtocern 1999-09-15 18:00:54.000000000 +0200
+++ thttpd-2.23beta1/extras/syslogtocern 2005-10-26 01:45:34.000000000 +0200
@@ -31,8 +31,8 @@
exit 1
fi
-tmp1=/tmp/stc1.$$
-rm -f $tmp1
+tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
# Gather up all the thttpd entries.
egrep ' thttpd\[' $* > $tmp1
@@ -65,4 +65,3 @@
sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
# Done.
-rm -f $tmp1