File: 78-insecure-tmp-usage

mgetty 1.2.1-2
#! /bin/sh /usr/share/dpatch/dpatch-run
## 78-insecure-tmp-usage by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix insecure use of temporary file names

@DPATCH@
--- a/fax/faxspool.in
+++ b/fax/faxspool.in
@@ -686,9 +686,9 @@ fi
 #
 # mkdir a directory in $TMP (or /tmp), convert input to G3 in there
 #
-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S`
+spooldir=`mktemp -t -d`
 
-if ( umask 077 ; mkdir $spooldir ) ; then
+if [ $? -eq 0 ]; then
     $echo "spooling to $spooldir (->$new_seq)..."
 else
     $echo "ERROR: can't create work dir '$spooldir', giving up" >&2 ; exit 6
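Review bot: The new `if [ $? -eq 0 ]` check only works while nothing runs between the `mktemp` assignment and the test, so any command later inserted there would make it test the wrong status. Testing the command directly is sturdier, e.g. `if spooldir=$(mktemp -d "${TMP:-/tmp}/faxspool.XXXXXXXXXX") && [ -d "$spooldir" ]; then`. That form also keeps honouring `$TMP`, which the comment above the assignment still promises but `mktemp -t` (which consults `$TMPDIR`) no longer does. When mktemp fails, the existing error message prints an empty '$spooldir', so it no longer tells the user which path could not be created. Whether the directory is removed on exit is not visible in this hunk.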
@@ -707,10 +707,13 @@ do
 #
     if [ x$file = x- ]
     then
-	$echo "spooling $file (stdin)..."
-	trap "rm /tmp/faxsp.$$" 0
-        cat - >/tmp/faxsp.$$
-	file=/tmp/faxsp.$$
+	file=`mktemp /tmp/faxspool.XXXXXXXXX`
+	if test -z $file
+	then
+		$echo "ERROR: can't create work file, giving up" >&2 ; exit 6
+	fi
+	trap "rm $file" 0
+	cat - >$file
     else
 	$echo "spooling $file..."
     fi
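Review bot: The failure check `test -z $file` is unquoted and ignores mktemp's exit status; it only behaves as intended because `test -z` with no operand happens to evaluate true. Prefer `file=$(mktemp /tmp/faxspool.XXXXXXXXX) || { $echo "ERROR: can't create work file, giving up" >&2 ; exit 6; }` and quote the later uses (`cat - >"$file"`, `trap "rm -f '$file'" 0`). The template hard-codes /tmp; the file could instead be created inside the private `$spooldir` from the earlier hunk, assuming that variable is still set here (the enclosing loop starts outside this hunk). The exit trap is installed inside the loop and replaces any earlier handler, so a second `-` argument would presumably leave the first temporary file behind. The `spooling $file (stdin)...` progress message was also dropped by this change and may be worth keeping.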