File: CVE-2015-0858.diff

tardiff 0.1-5
  • area: main
  • in suites: buster, stretch
  • size: 144 kB
  • ctags: 42
  • sloc: perl: 1,109; makefile: 5
Description: Fix race condition when creating temporary files (CVE-2015-0858)
 Reported by Florian Weimer <fw@deneb.enyo.de>. Implemented using
 File::Temp instead of just using the process ID inside the directory
 name as suggested by Florian.
Author: Axel Beckert <abe@debian.org>
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0858

Index: tardiff/tardiff
===================================================================
--- tardiff.orig/tardiff	2016-04-28 20:24:06.913565891 +0200
+++ tardiff/tardiff	2016-04-28 20:24:06.909565907 +0200
@@ -7,12 +7,13 @@
 
 use strict;
 use Text::Diff;
+use File::Temp qw(tempdir);
 
 my $VERSION = '0.1';
 
 my ($tarball1, $tarball2);
 my ($opt_list, $opt_modified, $opt_autoskip, $opt_stats);
-my $tempdir;
+my $tempdir = tempdir( CLEANUP => 1 );
 
 $SIG{'__DIE__'} = 'cleanup';
 $SIG{'TERM'} = 'cleanup';
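Review bot: With no template, `tempdir( CLEANUP => 1 )` places the directory under File::Spec->tmpdir, so its path now follows `$TMPDIR` when that is set instead of being the fixed `/tmp/tardiff-$$`. The `system("rm -rf $tempdir")` removed later in this patch shows the script interpolating `$tempdir` into a shell string; if call sites outside these hunks (presumably `untar`) still do so, a `$TMPDIR` containing spaces or shell metacharacters would change what those commands run, so they should use list-form `system` or quote the path. Removal now relies on File::Temp's END-time cleanup, which runs on `exit` and `die` but not when an unhandled signal kills the process; the handler list continues past this hunk, so confirm every signal you care about reaches `cleanup`. A named template such as `tempdir( 'tardiff-XXXXXXXX', TMPDIR => 1, CLEANUP => 1 )` would keep any leftover directory attributable to this tool. Because the call sits at file scope, the directory is also created on every run, including ones that only print usage.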
@@ -173,9 +174,6 @@
 sub tardiff{
 	my $error = 0;
 
-	$tempdir = "/tmp/tardiff-$$";
-	mkdir $tempdir;
-
 	my $filelist1 = untar($tarball1) or die "Error: Could not unpack $tarball1.";
 	my $filelist2 = untar($tarball2) or die "Error: Could not unpack $tarball2.";
 
@@ -216,10 +214,6 @@
 sub cleanup{
 	my $handler = shift(@_);
 
-	if($tempdir){
-		system("rm -rf $tempdir");
-	}
-
 	if($handler eq "INT" or $handler eq "TERM"){
 		exit 1;
 	}