From 0a9caa3b3716846c944b76795b182caa4050e63a Mon Sep 17 00:00:00 2001
From: tpearson
Date: Wed, 21 Apr 2010 19:01:33 +0000
Subject: Backport of SVN r1097263 to fix Solaris compilation with [CVE-2010-0436]

git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1117290 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 kdm/backend/auth.c | 49 ++++++++++++++++++++-----------------------------
 1 file changed, 20 insertions(+), 29 deletions(-)
(limited to 'kdm/backend/auth.c')
diff --git a/kdm/backend/auth.c b/kdm/backend/auth.c
index 21b3c5d48..3fb18ac4c 100644
--- a/kdm/backend/auth.c
+++ b/kdm/backend/auth.c
@@ -227,6 +227,21 @@ fdOpenW( int fd )
 return 0;
 }

+static FILE *
+mkTempFile( char *nambuf, int namelen )
+{
+ FILE *f;
+ int r;
+
+ for (r = 0; r < 100; r++) {
+ randomStr( nambuf + namelen );
+ if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) )))
+ return f;
+ if (errno != EEXIST)
+ break;
+ }
+ return 0;
+}

 #define NAMELEN 255

@@ -234,9 +249,7 @@ static FILE *
 MakeServerAuthFile( struct display *d )
 {
 FILE *f;
-#ifndef HAVE_MKSTEMP
- int r;
-#endif
+ int i;
 char cleanname[NAMELEN], nambuf[NAMELEN+128];

 /*
@@ -248,22 +261,11 @@ MakeServerAuthFile( struct display *d )
 if (mkdir( authDir, 0755 ) < 0 && errno != EEXIST)
 return 0;
 CleanUpFileName( d->name, cleanname, NAMELEN - 8 );
-#ifdef HAVE_MKSTEMP
- sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
- if ((f = fdOpenW( mkstemp( nambuf ) ))) {
+ i = sprintf( nambuf, "%s/A%s-", authDir, cleanname );
+ if ((f = mkTempFile( nambuf, i ))) {
 StrDup( &d->authFile, nambuf );
 return f;
 }
-#else
- for (r = 0; r < 100; r++) {
- sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
- (void)mktemp( nambuf );
- if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ))) {
- StrDup( &d->authFile, nambuf );
- return f;
- }
- }
-#endif
 return 0;
 }

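Review bot: The `errno != EEXIST` test in mkTempFile reads errno after fdOpenW() has returned rather than directly after open(), so the retry decision is only reliable if fdOpenW() leaves errno untouched when it is handed a failed descriptor; only the tail of fdOpenW() is visible in this hunk, so that cannot be confirmed here. Checking the open() result before wrapping it keeps the decision tied to the call that set errno. The function would also benefit from a header comment stating that `nambuf` must have room after offset `namelen` for whatever randomStr() writes, since no buffer capacity is passed in.

```c
	for (r = 0; r < 100; r++) {
		int fd;

		randomStr( nambuf + namelen );
		fd = open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 );
		if (fd < 0) {
			/* errno still belongs to open() here */
			if (errno != EEXIST)
				break;
			continue;
		}
		/* NOTE(review): confirm fdOpenW() disposes of fd itself on failure */
		return fdOpenW( fd );
	}
	/* … unchanged: return 0 … */
```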
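Review bot: `i = sprintf( nambuf, "%s/A%s-", authDir, cleanname )` in MakeServerAuthFile is still unbounded: cleanname is capped at NAMELEN - 8, but nothing in the visible code limits authDir, and mkTempFile then appends the randomStr() suffix at offset `i` without knowing the size of nambuf. A bounded format plus a fit check would close this, e.g. `i = snprintf( nambuf, sizeof(nambuf), "%s/A%s-", authDir, cleanname );` followed by `if (i < 0 || (size_t)i + SUFFIX_LEN >= sizeof(nambuf)) return 0;`, where SUFFIX_LEN is a placeholder for the length randomStr() produces (not shown on this page). The same pattern applies to `i = sprintf( name_buf, "%s/.Xauth", d->userAuthDir )` in the SetUserAuthorization hunk, where name_buf is declared outside the hunk and its size should be checked the same way.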
@@ -1131,19 +1133,8 @@ SetUserAuthorization( struct display *d )
 * temporary - we can assume, that we are the only ones
 * knowing about this file anyway.
 */
-#ifdef HAVE_MKSTEMP
- sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
- new = fdOpenW( mkstemp( name_buf ) );
-#else
- for (i = 0; i < 100; i++) {
- sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
- (void)mktemp( name_buf );
- if ((new =
- fdOpenW( open( name_buf, O_WRONLY | O_CREAT | O_EXCL,
- 0600 ) )))
- break;
- }
-#endif
+ i = sprintf( name_buf, "%s/.Xauth", d->userAuthDir );
+ new = mkTempFile( name_buf, i );
 if (!new) {
 LogError( "Can't create authorization file in %s\n",
 d->userAuthDir );
-- 
cgit v1.2.1