Bug#486548: marked as done (wdiff uses insecure tmpnam() function)

Mon, 16 Jun 2008 16:32:51 -0700 

Your message dated Tue, 17 Jun 2008 01:28:09 +0200 (CEST)
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#486548: wdiff uses insecure tmpnam() function
has caused the Debian Bug report #486548,
regarding wdiff uses insecure tmpnam() function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
486548: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486548
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: wdiff
Version: 0.5-17
Severity: important
Tags: security

Hi,
while looking into some other problem that made use of wdiff 
I noticed that wdiff uses the insecure tmpnam() function 
from the c library which is prone to race conditions.
wdiff.c:
569       /* Select a file name, use it for opening a temporary file and
570          unlink it right away.  Then, copy the whole standard input on
571          this temporary local file.  Once done, prepare it for reading.
572          We do not need the file name itself anymore.  */
573 
574       tmpnam (side->temp_name);
575       side->file = fopen (side->temp_name, "w+");
576       if (side->file == NULL)
577         error (EXIT_OTHER_REASON, errno, side->temp_name);
578       if (unlink (side->temp_name) != 0)
579         error (EXIT_OTHER_REASON, errno, side->temp_name);
580       while (side->character = getchar (), side->character != EOF)
581         putc (side->character, side->file);
582       rewind (side->file);

wdiff creates temporary files using this code on any invocation when
diffing two files as far as I can see. Please replace this code with mkstemp.
Upstream will fix this in the next release.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpkA6XxSak8J.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
This is already reported as Bug #425254, If you want to help, patches
are welcome, but reporting something twice does not help.

Thanks.

--- End Message ---

Reply via email to