guix/gnu/packages/patches/id3lib-CVE-2007-4460.patch
Efraim Flashner 1f521b7055
gnu: id3lib: Fix CVE-2007-4460.
* gnu/packages/mp3.scm (id3lib)[source]: Add patch.
* gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
2016-05-30 20:13:24 +03:00

55 lines
1.6 KiB
Diff

This patch fixes an issues where temporary files were created in an insecure
way.
It was first intruduced in version 3.8.3-7 and fixes
http://bugs.debian.org/438540
--- a/src/tag_file.cpp
+++ b/src/tag_file.cpp
@@ -242,8 +242,8 @@
strcpy(sTempFile, filename.c_str());
strcat(sTempFile, sTmpSuffix.c_str());
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
- // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+ // This section is for Windows folk
fstream tmpOut;
createFile(sTempFile, tmpOut);
@@ -257,7 +257,7 @@
tmpOut.write((char *)tmpBuffer, nBytes);
}
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
// else we gotta make a temp file, copy the tag into it, copy the
// rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
//ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
}
- ofstream tmpOut(fd);
+ ofstream tmpOut(sTempFile);
if (!tmpOut)
{
tmpOut.close();
@@ -285,14 +285,14 @@
uchar tmpBuffer[BUFSIZ];
while (file)
{
- file.read(tmpBuffer, BUFSIZ);
+ file.read((char *)tmpBuffer, BUFSIZ);
size_t nBytes = file.gcount();
- tmpOut.write(tmpBuffer, nBytes);
+ tmpOut.write((char *)tmpBuffer, nBytes);
}
close(fd); //closes the file
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
tmpOut.close();
file.close();