File CVE-2018-6198.patch of Package w3m

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-6198.patch of Package w3m

From 18dcbadf2771cdb0c18509b14e4e73505b242753 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sun, 21 Jan 2018 01:29:10 +0900
Subject: [PATCH] Make temporary directory safely when ~/.w3m is unwritable

Index: w3m-0.5.3.git20161120/config.h.dist
===================================================================
--- w3m-0.5.3.git20161120.orig/config.h.dist
+++ w3m-0.5.3.git20161120/config.h.dist
@@ -210,6 +210,7 @@ typedef long clen_t;
 #define HAVE_SRANDOM
 #undef HAVE_GETPASSPHRASE
 #define HAVE_CHDIR
+#define HAVE_MKDTEMP
 
 
 #define SETJMP(env) sigsetjmp(env,1)
Index: w3m-0.5.3.git20161120/config.h.in
===================================================================
--- w3m-0.5.3.git20161120.orig/config.h.in
+++ w3m-0.5.3.git20161120/config.h.in
@@ -143,6 +143,7 @@ typedef long clen_t;
 #undef HAVE_SRANDOM
 #undef HAVE_GETPASSPHRASE
 #undef HAVE_CHDIR
+#undef HAVE_MKDTEMP
 #undef HAVE_SETPGRP
 #undef HAVE_SETLOCALE
 #undef HAVE_LANGINFO_CODESET
Index: w3m-0.5.3.git20161120/configure
===================================================================
--- w3m-0.5.3.git20161120.orig/configure
+++ w3m-0.5.3.git20161120/configure
@@ -8767,7 +8767,7 @@ _ACEOF
 
 
 
-for ac_func in strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale
+for ac_func in strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir mkdtemp getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
Index: w3m-0.5.3.git20161120/configure.ac
===================================================================
--- w3m-0.5.3.git20161120.orig/configure.ac
+++ w3m-0.5.3.git20161120/configure.ac
@@ -150,7 +150,7 @@ dnl AC_FUNC_MEMCMP
 dnl AC_FUNC_MMAP
 dnl AC_FUNC_SETVBUF_REVERSED
 dnl AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale)
+AC_CHECK_FUNCS(strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir mkdtemp getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale)
 AC_FUNC_STRFTIME
 AC_FUNC_WAIT3
 AC_FUNC_SETPGRP
Index: w3m-0.5.3.git20161120/main.c
===================================================================
--- w3m-0.5.3.git20161120.orig/main.c
+++ w3m-0.5.3.git20161120/main.c
@@ -6034,6 +6034,13 @@ w3m_exit(int i)
 #ifdef __MINGW32_VERSION
     WSACleanup();
 #endif
+#ifdef HAVE_MKDTEMP
+    if (no_rc_dir && tmp_dir != rc_dir)
+	if (rmdir(tmp_dir) != 0) {
+	    fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir);
+	    exit(1);
+	}
+#endif
     exit(i);
 }
 
Index: w3m-0.5.3.git20161120/rc.c
===================================================================
--- w3m-0.5.3.git20161120.orig/rc.c
+++ w3m-0.5.3.git20161120/rc.c
@@ -1330,6 +1330,11 @@ init_rc(void)
 	((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
 	((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
 	tmp_dir = "/tmp";
+#ifdef HAVE_MKDTEMP
+    tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
+    if (tmp_dir == NULL)
+	tmp_dir = rc_dir;
+#endif
     create_option_search_table();
     goto open_rc;
 }

Places

File CVE-2018-6198.patch of Package w3m

Places