[Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable
From: Benjamin Wolsey
Subject: [Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable cookies under /tmp with predictable filenames
Date: Sun, 27 Nov 2011 07:53:18 +0000
User-agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.10 Chromium/14.0.835.202 Chrome/14.0.835.202 Safari/535.1
Follow-up Comment #4, bug #34903 (project gnash):
mkstemps() modifies the passed argument. The return from
stringstream::str().c_str() is a const char* for a good reason: it's not
modifiable.
To do it properly you need to copy the string to a modifiable buffer and pass
that instead, so that the buffer then contains the actual filename.
Also, the code needs to be in a separate function to avoid duplicating it and
to make it easier for non-POSIX systems to implement.
Creating your own random filenames has lots of pitfalls (e.g. the lower-order
bits are often much less random in rand(), so using the modulo operator like
the patch does produces much more predictable values). That's why I'd prefer
mkstemps.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?34903>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
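
An added example, not part of the original message and not Gnash's code, of the approach the comment describes: the template is copied into a modifiable buffer, mkstemps() writes the real filename back into it, and the logic lives in one helper. The function names and the `/tmp/example-cookies.` prefix are assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstdlib>      // mkstemps() (glibc/BSD extension)
#include <string>
#include <utility>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper: create a private temporary file named
// prefix + 6 random characters + suffix. Returns the open descriptor
// (-1 on failure) together with the filename mkstemps() actually chose.
std::pair<int, std::string>
makePrivateTempFile(const std::string& prefix, const std::string& suffix)
{
    const std::string tmpl = prefix + "XXXXXX" + suffix;

    // mkstemps() overwrites the X's in place, so it must be given a
    // writable, NUL-terminated copy rather than the result of c_str().
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');

    // The file is created with O_CREAT|O_EXCL; glibc uses mode 0600.
    const int fd = mkstemps(&buf[0], static_cast<int>(suffix.size()));
    if (fd < 0) return std::make_pair(-1, std::string());

    return std::make_pair(fd, std::string(&buf[0]));
}

// Group/other permission bits of path, or -1 if stat() fails.
int groupOtherBits(const std::string& path)
{
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return -1;
    return static_cast<int>(st.st_mode & (S_IRWXG | S_IRWXO));
}

int main()
{
    // Constructed sample prefix and suffix.
    std::pair<int, std::string> f =
        makePrivateTempFile("/tmp/example-cookies.", ".txt");
    if (f.first < 0) { std::perror("mkstemps"); return 1; }

    std::printf("created %s (group/other bits: %o)\n",
                f.second.c_str(), groupOtherBits(f.second));
    close(f.first);
    unlink(f.second.c_str());
    return 0;
}
```

A non-POSIX port would replace only the body of the helper and keep the same return contract.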