Hello, unfortunately, I have got a complaint about the recurrence of the security flaw CVE-2008-1103 on blender-2.63a. Please refer to BZ #855092 on https://bugzilla.redhat.com for further information.
Therefore I have created the following patch, attached at the end of this mail, to fix the reported issue. It may be nice if anyone can take a review of the patch and integrate the patch in the next upcoming release of blender.

Best Regards: Jochen Schmitt

diff -up blender-2.63a/source/blender/blenkernel/intern/blender.c.cve blender-2.63a/source/blender/blenkernel/intern/blender.c --- blender-2.63a/source/blender/blenkernel/intern/blender.c.cve 2012-05-10 16:50:20.000000000 +0200 +++ blender-2.63a/source/blender/blenkernel/intern/blender.c 2012-09-07 10:10:05.518999947 +0200 @@ -40,6 +40,7 @@ # define write _write #endif +#include <errno.h> #include <stdlib.h> #include <stdio.h> #include <stddef.h> @@ -706,7 +707,8 @@ void BKE_undo_save_quit(void) { UndoElem *uel; MemFileChunk *chunk; - int file; + int file = -1; + int flags = O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL; char str[FILE_MAX]; if ( (U.uiflag & USER_GLOBALUNDO)==0) return; @@ -722,10 +724,16 @@ void BKE_undo_save_quit(void) BLI_make_file_string("/", str, BLI_temporary_dir(), "quit.blend"); - file = BLI_open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666); - if (file == -1) { - //XXX error("Unable to save %s, check you have permissions", str); - return; + while (file == -1) { + file = BLI_open(str,flags, 0666); + if (file == -1) { + if (errno == EEXIST) { + flags ^= O_CREAT; + } else { + //XXX error("Unable to save %s, check you have permissions", str); + return; + } + } } chunk= uel->memfile.chunks.first;
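Review bot: In the second hunk (declarations in BKE_undo_save_quit), `int flags = O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL;` builds a bit mask with `+`; use `|`, the usual form for open flags, which stays correct if a flag is ever repeated. O_TRUNC can be dropped from this set, since a file created with O_CREAT and O_EXCL is new and has nothing to truncate. `int file = -1;` now doubles as the loop sentinel for the while loop added further down, which deserves a one-line comment.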
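Review bot: In the last hunk (the new while loop around BLI_open), the EEXIST branch does `flags ^= O_CREAT;` and retries, so the second open runs on the already existing quit.blend with O_CREAT cleared but O_TRUNC and O_EXCL still set. That retry opens and truncates whatever is already present at that path in the temporary directory, which is the case the exclusive create was added to refuse; O_EXCL without O_CREAT is also not defined by POSIX. Suggest not reusing a pre-existing file at all: either treat EEXIST as a failure, or remove the existing entry and repeat the O_CREAT plus O_EXCL open a bounded number of times. The XOR also turns O_CREAT back on if the branch is taken a second time, so the loop has no clear termination argument; `flags &= ~O_CREAT` would at least state the intent. While this line is being touched, the mode 0666 in `BLI_open(str,flags, 0666)` could be tightened to 0600.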