Hi Jochen, applied r50481 with some minor changes. Though there are other areas where this still needs changing in blender if we are serious about not writing into symlinks.
These functions can save to the temp dir and don't check for symlinks. render_result_exr_file_begin() ptcache_file_open() BLO_write_file() --- which is used to save temp files too (called from wm_autosave_timer) On Sat, Sep 8, 2012 at 11:30 PM, Jochen Schmitt <joc...@herr-schmitt.de> wrote: > Hallo, > > unfortunately, I have got an complaint about the re-occurance of the > security flaw CVE-2008-1103 on blender-2.63a. Please refer to > BZ #855092 on https://bugzilla.redhat.com for further informationen. > > Therefor I have created the following patch attached on the end of this > mail to fix the reported issue. > > It may be nice, if can anyone can take a review of the patch and integrate > the patch in the next upcomming release of blender. > > Best Regards: > > Jochen Schmitt > > diff -up blender-2.63a/source/blender/blenkernel/intern/blender.c.cve > blender-2.63a/source/blender/blenkernel/intern/blender.c > --- blender-2.63a/source/blender/blenkernel/intern/blender.c.cve > 2012-05-10 16:50:20.000000000 +0200 > +++ blender-2.63a/source/blender/blenkernel/intern/blender.c 2012-09-07 > 10:10:05.518999947 +0200 > @@ -40,6 +40,7 @@ > # define write _write > #endif > > +#include <errno.h> > #include <stdlib.h> > #include <stdio.h> > #include <stddef.h> > @@ -706,7 +707,8 @@ void BKE_undo_save_quit(void) > { > UndoElem *uel; > MemFileChunk *chunk; > - int file; > + int file = -1; > + int flags = O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL; > char str[FILE_MAX]; > > if ( (U.uiflag & USER_GLOBALUNDO)==0) return; > @@ -722,10 +724,16 @@ void BKE_undo_save_quit(void) > > BLI_make_file_string("/", str, BLI_temporary_dir(), "quit.blend"); > > - file = BLI_open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666); > - if (file == -1) { > - //XXX error("Unable to save %s, check you have permissions", > str); > - return; > + while (file == -1) { > + file = BLI_open(str,flags, 0666); > + if (file == -1) { > + if (errno == EEXIST) { > + flags ^= O_CREAT; > + } else { > + //XXX error("Unable to save %s, check you have permissions", > str); > + return; > + } > + } > } > > chunk= uel->memfile.chunks.first; > _______________________________________________ > Bf-committers mailing list > Bf-committers@blender.org > http://lists.blender.org/mailman/listinfo/bf-committers -- - Campbell _______________________________________________ Bf-committers mailing list Bf-committers@blender.org http://lists.blender.org/mailman/listinfo/bf-committers
