[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#21913: sed/utils.c temporary file handling code review
|
From: |
Stanislav Brabec |
|
Subject: |
bug#21913: sed/utils.c temporary file handling code review |
|
Date: |
Wed, 18 Nov 2015 19:09:15 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
Stanislav Brabec wrote:
> While trying to reproduce an obscure crash with temporary file experiencing
> file system error, I looked deeper into sed/utils.c. I found several strange
> things.
>
Here is a detailed regression map:
commit 9c9919efe2166efd32409054005619062624226c (initial import in 2004)
imported the broken code vulnerable to double fclose() issue and leaving
orphan temporary files in some situations.
commit 9c9919efe2166efd32409054005619062624226c in 2004 introduced the
register_open_file() temporary file bug. No side effects yet.
commit 3a8e165ab02487c372df217c1989e287625ce0ae in 2006 started to really use
broken register_open_file() in ck_mkstemp() with third argument "true". It
caused a regression: keeping orphan files after even more errors than before,
but the regression hides the double fclose() vulnerability.
commit 768901548e280726f160a1da4434f3fde8f9921a in 2015 introduced
register_cleanup_file() that re-implements broken temporary removal feature
of register_open_file(). This change hides the register_open_file() temporary
file bug.
Both mentioned bugs are now present in the code, but probably cannot be
triggered.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: address@hidden
Lihovarská 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 084 001
Czech Republic http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76