guix-devel/gnu/packages/patches/id3lib-CVE-2007-4460.patch

55 lines
1.6 KiB
Diff
Raw Permalink Normal View History

This patch fixes an issues where temporary files were created in an insecure
way.
It was first intruduced in version 3.8.3-7 and fixes
http://bugs.debian.org/438540
--- a/src/tag_file.cpp
+++ b/src/tag_file.cpp
@@ -242,8 +242,8 @@
strcpy(sTempFile, filename.c_str());
strcat(sTempFile, sTmpSuffix.c_str());
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
- // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+ // This section is for Windows folk
fstream tmpOut;
createFile(sTempFile, tmpOut);
@@ -257,7 +257,7 @@
tmpOut.write((char *)tmpBuffer, nBytes);
}
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
// else we gotta make a temp file, copy the tag into it, copy the
// rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
//ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
}
- ofstream tmpOut(fd);
+ ofstream tmpOut(sTempFile);
if (!tmpOut)
{
tmpOut.close();
@@ -285,14 +285,14 @@
uchar tmpBuffer[BUFSIZ];
while (file)
{
- file.read(tmpBuffer, BUFSIZ);
+ file.read((char *)tmpBuffer, BUFSIZ);
size_t nBytes = file.gcount();
- tmpOut.write(tmpBuffer, nBytes);
+ tmpOut.write((char *)tmpBuffer, nBytes);
}
close(fd); //closes the file
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
tmpOut.close();
file.close();