diff options
author | Max Rees <maxcrees@me.com> | 2019-08-01 03:56:07 -0500 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2019-08-01 04:00:09 -0500 |
commit | f876330a642caced116aac1dac31f38d6c924e8d (patch) | |
tree | a6a848dec0f54b5200450b93128dd8ede3738ccb /user/id3lib/CVE-2007-4460.patch | |
parent | 74a96529112e2a6793d41fc1981285772a388201 (diff) | |
download | packages-f876330a642caced116aac1dac31f38d6c924e8d.tar.gz packages-f876330a642caced116aac1dac31f38d6c924e8d.tar.bz2 packages-f876330a642caced116aac1dac31f38d6c924e8d.tar.xz packages-f876330a642caced116aac1dac31f38d6c924e8d.zip |
user/id3lib: patch for CVE-2007-4460 (#161)
Diffstat (limited to 'user/id3lib/CVE-2007-4460.patch')
-rw-r--r-- | user/id3lib/CVE-2007-4460.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/user/id3lib/CVE-2007-4460.patch b/user/id3lib/CVE-2007-4460.patch new file mode 100644 index 000000000..36c84179f --- /dev/null +++ b/user/id3lib/CVE-2007-4460.patch @@ -0,0 +1,54 @@ +This patch fixes an issues where temporary files were created in an insecure +way. + +It was first intruduced in version 3.8.3-7 and fixes +http://bugs.debian.org/438540 +--- a/src/tag_file.cpp ++++ b/src/tag_file.cpp +@@ -242,8 +242,8 @@ + strcpy(sTempFile, filename.c_str()); + strcat(sTempFile, sTmpSuffix.c_str()); + +-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +- // This section is for Windows folk && gcc 3.x folk ++#if !defined(HAVE_MKSTEMP) ++ // This section is for Windows folk + fstream tmpOut; + createFile(sTempFile, tmpOut); + +@@ -257,7 +257,7 @@ + tmpOut.write((char *)tmpBuffer, nBytes); + } + +-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#else //!defined(HAVE_MKSTEMP) + + // else we gotta make a temp file, copy the tag into it, copy the + // rest of the old file after the tag, delete the old file, rename +@@ -270,7 +270,7 @@ + //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); + } + +- ofstream tmpOut(fd); ++ ofstream tmpOut(sTempFile); + if (!tmpOut) + { + tmpOut.close(); +@@ -285,14 +285,14 @@ + uchar tmpBuffer[BUFSIZ]; + while (file) + { +- file.read(tmpBuffer, BUFSIZ); ++ file.read((char *)tmpBuffer, BUFSIZ); + size_t nBytes = file.gcount(); +- tmpOut.write(tmpBuffer, nBytes); ++ tmpOut.write((char *)tmpBuffer, nBytes); + } + + close(fd); //closes the file + +-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#endif ////!defined(HAVE_MKSTEMP) + + tmpOut.close(); + file.close(); |