summaryrefslogtreecommitdiff
path: root/recipes/pulseaudio/files
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-03-17 15:01:42 +0800
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-03-17 15:01:42 +0800
commitd3a29410109b3d8c7e7884d459334a744fbf97bf (patch)
treeee08dfb64b110e10ed12ae2daa7431bcd7a00845 /recipes/pulseaudio/files
parente54dcda0f3850194a820cfeb994832fa9b73f7de (diff)
pulseaudio-0.9.15: Fix a flaw in the tmp directory handling
* Address CVE-2009-1299, compare with http://www.debian.org/security/2010/dsa-2017
Diffstat (limited to 'recipes/pulseaudio/files')
-rw-r--r--recipes/pulseaudio/files/CVE-2009-1299.patch86
1 files changed, 86 insertions, 0 deletions
diff --git a/recipes/pulseaudio/files/CVE-2009-1299.patch b/recipes/pulseaudio/files/CVE-2009-1299.patch
new file mode 100644
index 0000000000..63314b8280
--- /dev/null
+++ b/recipes/pulseaudio/files/CVE-2009-1299.patch
@@ -0,0 +1,86 @@
+From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees@ubuntu.com>
+Date: Tue, 2 Mar 2010 21:33:34 -0800
+Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
+
+---
+ configure.ac | 2 +-
+ src/pulsecore/core-util.c | 39 ++++++++++++++++++++++++++++++++++-----
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+
+Index: pulseaudio-0.9.15/configure.ac
+===================================================================
+--- pulseaudio-0.9.15.orig/configure.ac 2010-03-17 14:50:02.000000000 +0800
++++ pulseaudio-0.9.15/configure.ac 2010-03-17 14:52:27.250075828 +0800
+@@ -403,7 +403,7 @@
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+ getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+ pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+ sigaction sleep sysconf pthread_setaffinity_np])
+Index: pulseaudio-0.9.15/src/pulsecore/core-util.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/pulsecore/core-util.c 2010-03-17 14:49:59.000000000 +0800
++++ pulseaudio-0.9.15/src/pulsecore/core-util.c 2010-03-17 14:51:37.680079062 +0800
+@@ -178,7 +178,7 @@
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+ struct stat st;
+- int r, saved_errno;
++ int r, saved_errno, fd;
+
+ pa_assert(dir);
+
+@@ -196,16 +196,45 @@
+ if (r < 0 && errno != EEXIST)
+ return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++ if ((fd = open(dir,
++#ifdef O_CLOEXEC
++ O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++ O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++ O_NOFOLLOW|
++#endif
++ O_RDONLY)) < 0)
++ goto fail;
++
++ if (fstat(fd, &st) < 0) {
++ pa_assert_se(pa_close(fd) >= 0);
++ goto fail;
++ }
++
++ if (!S_ISDIR(st.st_mode)) {
++ pa_assert_se(pa_close(fd) >= 0);
++ errno = EEXIST;
++ goto fail;
++ }
++
++#ifdef HAVE_FCHOWN
+ if (uid == (uid_t)-1)
+ uid = getuid();
+ if (gid == (gid_t)-1)
+ gid = getgid();
+- (void) chown(dir, uid, gid);
++ (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++ (void) fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+- chmod(dir, m);
++ pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+
+ #ifdef HAVE_LSTAT