[PATCH][SECURITY] kdelibs

Michal Kochanowicz michal w michal.waw.pl
Śro, 28 Lip 2004, 22:48:19 CEST


Hej,

załączone patche (publikacja planowana 11 sierpnia) poprawiają kilka
błędów związanych z tworzeniem plików tymczasowych.

Jeśli ktoś jest zainteresowany to są też wersje dla 3.0.5b i 3.1.5.
-- 
--= Michal Kochanowicz =--==--==BOFH==--==--= michal w michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
-------------- następna część ---------
Index: dcopserver.cpp
===================================================================
RCS file: /home/kde/kdelibs/dcop/dcopserver.cpp,v
retrieving revision 1.160.2.3
diff -u -p -r1.160.2.3 dcopserver.cpp
--- dcopserver.cpp	30 Apr 2004 15:00:08 -0000	1.160.2.3
+++ dcopserver.cpp	26 Jul 2004 09:03:06 -0000
@@ -443,35 +443,78 @@ write_iceauth (FILE *addfp, IceAuthDataE
     fprintf (addfp, "\n");
 }
 
+#ifndef HAVE_MKSTEMPS
+#include <string.h>
+#include <strings.h>
 
-#ifndef HAVE_MKSTEMP
-static char *unique_filename (const char *path, const char *prefix)
-#else
-static char *unique_filename (const char *path, const char *prefix, int *pFd)
-#endif
+/* this is based on code taken from the GNU libc, distributed under the LGPL license */
+
+/* Generate a unique temporary file name from TEMPLATE.
+
+   TEMPLATE has the form:
+
+   <path>/ccXXXXXX<suffix>
+
+   SUFFIX_LEN tells us how long <suffix> is (it can be zero length).
+
+   The last six characters of TEMPLATE before <suffix> must be "XXXXXX";
+   they are replaced with a string that makes the filename unique.
+
+   Returns a file descriptor open on the file for reading and writing.  */
+
+int mkstemps (char* _template, int suffix_len)
 {
-#ifndef HAVE_MKSTEMP
-#ifndef X_NOT_POSIX
-    return ((char *) tempnam (path, prefix));
-#else
-    char tempFile[PATH_MAX];
-    char *tmp;
+  static const char letters[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+  char *XXXXXX;
+  int len;
+  int count;
+  int value;
+
+  len = strlen (_template);
+
+  if ((int) len < 6 + suffix_len || strncmp (&_template[len - 6 - suffix_len], "XXXXXX", 6))
+      return -1;
+
+  XXXXXX = &_template[len - 6 - suffix_len];
+
+  value = rand();
+  for (count = 0; count < 256; ++count)
+  {
+      int v = value;
+      int fd;
+
+      /* Fill in the random bits.  */
+      XXXXXX[0] = letters[v % 62];
+      v /= 62;
+      XXXXXX[1] = letters[v % 62];
+      v /= 62;
+      XXXXXX[2] = letters[v % 62];
+      v /= 62;
+      XXXXXX[3] = letters[v % 62];
+      v /= 62;
+      XXXXXX[4] = letters[v % 62];
+      v /= 62;
+      XXXXXX[5] = letters[v % 62];
+
+      fd = open (_template, O_RDWR|O_CREAT|O_EXCL, 0600);
+      if (fd >= 0)
+	/* The file does not exist.  */
+	return fd;
+
+      /* This is a random value.  It is only necessary that the next
+	 TMP_MAX values generated by adding 7777 to VALUE are different
+	 with (module 2^32).  */
+      value += 7777;
+    }
+  /* We return the null string if we can't find a unique file name.  */
+  _template[0] = '\0';
+  return -1;
+}
 
-    snprintf (tempFile, PATH_MAX, "%s/%sXXXXXX", path, prefix);
-    tmp = (char *) mktemp (tempFile);
-    if (tmp)
-	{
-	    char *ptr = (char *) malloc (strlen (tmp) + 1);
-        if (ptr != NULL)
-        {
-	        strcpy (ptr, tmp);
-        }
-	    return (ptr);
-	}
-    else
-	return (NULL);
 #endif
-#else
+
+static char *unique_filename (const char *path, const char *prefix, int *pFd)
+{
     char tempFile[PATH_MAX];
     char *ptr;
 
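Review bot: In the fallback `mkstemps`, `value` and `v` are signed `int`, so `value += 7777` can overflow when `rand()` returns a value near `INT_MAX`, and a negative `v` makes `v % 62` negative and reads before the start of `letters`; declaring them as `unsigned int value = rand();` and `unsigned int v = value;` removes both problems. No `srand()` call is visible in the hunk, so the sequence of candidate names may repeat from run to run; `O_CREAT|O_EXCL` still refuses an existing file, but predictable names make the 256-attempt limit easy to exhaust, so mixing the time and pid into `value` would be more robust. The loop also retries on every `open` failure; adding `if (errno != EEXIST) return -1;` after the `open` would stop early on errors such as a missing or unwritable directory. `unique_filename` starts at the end of this hunk and its body continues outside it.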
@@ -480,43 +523,10 @@ static char *unique_filename (const char
     if (ptr != NULL)
 	{
 	    strcpy(ptr, tempFile);
-	    *pFd =  mkstemp(ptr);
+	    *pFd =  mkstemps(ptr, 0);
 	}
     return ptr;
-#endif
-}
-
-#if 0
-Status SetAuthentication_local (int count, IceListenObj *listenObjs)
-{
-    int i;
-    for (i = 0; i < count; i ++) {
-	char *prot = IceGetListenConnectionString(listenObjs[i]);
-	if (!prot) continue;
-	char *host = strchr(prot, '/');
-	char *sock = 0;
-	if (host) {
-	    *host=0;
-	    host++;
-	    sock = strchr(host, ':');
-	    if (sock) {
-		*sock = 0;
-		sock++;
-	    }
-	}
-#ifndef NDEBUG
-	qDebug("DCOPServer: SetAProc_loc: conn %d, prot=%s, file=%s",
-		(unsigned)i, prot, sock);
-#endif
-	if (sock && !strcmp(prot, "local")) {
-	    chmod(sock, 0700);
-	}
-	IceSetHostBasedAuthProc (listenObjs[i], HostBasedAuthProc);
-	free(prot);
-    }
-    return 1;
 }
-#endif
 
 #define MAGIC_COOKIE_LEN 16
 
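Review bot: The result of `mkstemps(ptr, 0)` is stored in `*pFd` without being checked, and on failure the fallback implementation earlier in this patch sets `ptr[0]` to `'\0'` and returns -1, so `unique_filename` hands back a non-NULL empty string together with an invalid descriptor. The caller in the `SetAuthentication` hunk tests only the pointer for NULL and so relies on `fdopen` rejecting the descriptor. Failing here is clearer: `if (*pFd < 0) { free(ptr); ptr = NULL; }`, assuming `ptr` is obtained with `malloc` in the lines between the hunks, which are not visible. `unique_filename` begins before this hunk.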
@@ -529,28 +539,19 @@ SetAuthentication (int count, IceListenO
     int         original_umask;
     int         i;
     QCString command;    
-#ifdef HAVE_MKSTEMP
     int         fd;
-#endif
 
     original_umask = umask (0077);      /* disallow non-owner access */
 
     path = getenv ("DCOP_SAVE_DIR");
     if (!path)
 	path = "/tmp";
-#ifndef HAVE_MKSTEMP
-    if ((addAuthFile = unique_filename (path, "dcop")) == NULL)
-	goto bad;
 
-    if (!(addfp = fopen (addAuthFile, "w")))
-	goto bad;
-#else
     if ((addAuthFile = unique_filename (path, "dcop", &fd)) == NULL)
 	goto bad;
 
     if (!(addfp = fdopen(fd, "wb")))
 	goto bad;
-#endif
 
     if ((*_authDataEntries = static_cast<IceAuthDataEntry *>(malloc (count * 2 * sizeof (IceAuthDataEntry)))) == NULL)
 	goto bad;
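Review bot: When `fdopen(fd, "wb")` fails, control jumps to `bad` with `fd` still open and the file created by `unique_filename` still on disk; whether `bad` closes and unlinks them cannot be seen, because the label lies outside the hunk. If it does not, `if (!(addfp = fdopen(fd, "wb"))) { if (fd >= 0) close(fd); unlink(addAuthFile); goto bad; }` keeps a failed start from leaving a descriptor and a stale auth file behind. With the `#ifdef` gone, a one-line comment such as `/* fd refers to a file already created exclusively by unique_filename() */` above the `fdopen` call would record why no `fopen` by name is used here.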
-------------- następna część ---------
Index: kstandarddirs.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdecore/kstandarddirs.cpp,v
retrieving revision 1.168.2.3
retrieving revision 1.168.2.4
diff -u -p -r1.168.2.3 -r1.168.2.4
--- kdecore/kstandarddirs.cpp	8 Jun 2004 09:27:57 -0000	1.168.2.3
+++ kdecore/kstandarddirs.cpp	26 Jun 2004 14:42:16 -0000	1.168.2.4
@@ -651,7 +651,28 @@ void KStandardDirs::createSpecialResourc
    char link[1024];
    link[1023] = 0;
    int result = readlink(QFile::encodeName(dir).data(), link, 1023);
-   if ((result == -1) && (errno == ENOENT))
+   bool relink = (result == -1) && (errno == ENOENT);
+   if ((result > 0) && (link[0] == '/'))
+   {
+      link[result] = 0;
+      struct stat stat_buf;
+      int res = lstat(link, &stat_buf);
+      if ((res == -1) && (errno == ENOENT))
+      {
+         relink = true;
+      }
+      else if ((res == -1) || (!S_ISDIR(stat_buf.st_mode)))
+      {
+         fprintf(stderr, "Error: \"%s\" is not a directory.\n", link);
+         relink = true;
+      }
+      else if (stat_buf.st_uid != getuid())
+      {
+         fprintf(stderr, "Error: \"%s\" is owned by uid %d instead of uid %d.\n", link, stat_buf.st_uid, getuid());
+         relink = true;
+      }
+   }
+   if (relink)
    {
       QString srv = findExe(QString::fromLatin1("lnusertemp"), KDEDIR+QString::fromLatin1("/bin"));
       if (srv.isEmpty())
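Review bot: The new type and ownership check runs only when the link target starts with `/`, so a relative target, or a `readlink` failure other than `ENOENT` (for example when `dir` is a real directory rather than a symlink), leaves `relink` false and the path is accepted without validation. If that is intended, a comment above `if ((result > 0) && (link[0] == '/'))` should state why those cases are trusted; otherwise a relative target should also be treated as needing a relink. The `lstat` check and any later use of the directory are separate path lookups, so the check narrows rather than closes the window in which the target can be replaced. In the ownership message `st_uid` and `getuid()` are `uid_t` but printed with `%d`; cast them, e.g. `(long) stat_buf.st_uid` with `%ld`. The enclosing function starts and ends outside the hunk.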

