kkleine / rpms / llvm

CVE-2014-2893, insecure temporary file handling in clang's scan-build utility

Resolves: #1088107 #1088105

---
 tools/clang/tools/scan-build/scan-build | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/clang/tools/scan-build/scan-build b/tools/clang/tools/scan-build/scan-build
index 0f119f6..76135d8 100755
--- a/tools/clang/tools/scan-build/scan-build
+++ b/tools/clang/tools/scan-build/scan-build
@@ -204,6 +204,12 @@ sub GetHTMLRunDir {
   else {
     $NewDir = "$Dir/$DateString-$RunNumber";
   }
+
+  # Make sure that the directory does not exist in order to avoid hijack.
+  if (-e $NewDir) {
+      DieDiag("The directory '$NewDir' already exists.\n");
+  }
+
   system 'mkdir','-p',$NewDir;
   return $NewDir;
 }
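Review bot: The `-e $NewDir` test and the `system 'mkdir','-p',$NewDir` call that follows it are two separate steps, so the existence check is still racy. Anyone else able to write to `$Dir` can create `$NewDir` after the test passes, and `mkdir -p` then succeeds silently on the pre-existing directory, which is the hijack the comment sets out to prevent. Consider creating the final path component with Perl's built-in `mkdir($NewDir, 0700)`, which fails if the path already exists, and calling `DieDiag` when it returns false; any missing parent directories can be created separately beforehand. The exit status of `system` is also unchecked here, so a failed mkdir still returns `$NewDir` to the caller.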
-- 
2.1.0