Tree - rpms/am-utils - src.fedoraproject.org

rpms / am-utils

Overview Files Commits Branches Forks Releases

Monitoring status:

Bugzilla Assignee:

Fedora:: iankent
EPEL:: iankent

Files

Blob Blame History Raw


CVE-2008-1078 am-utils: insecure usage of temporary files

Addresses-Red-Hat-Bugzilla: #435420
Signed-off-by: Karel Zak <kzak@redhat.com>

diff -up am-utils-6.1.5/scripts/expn.in.kzak am-utils-6.1.5/scripts/expn.in
--- am-utils-6.1.5/scripts/expn.in.kzak	2008-05-29 12:43:19.000000000 +0200
+++ am-utils-6.1.5/scripts/expn.in	2008-05-29 12:44:20.000000000 +0200
@@ -9,6 +9,7 @@
 # hardcoded constants, should work fine for BSD-based systems
 #require 'sys/socket.ph';	# perl 4
 use Socket;			# perl 5
+use Fcntl
 $AF_INET = &AF_INET;
 $SOCK_STREAM = &SOCK_STREAM;
 
@@ -1009,7 +1010,7 @@ sub mxlookup
 	}
 
 	$0 = "$av0 - nslookup of $server";
-	open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n";
+	sysopen(T,"/tmp/expn$$", O_EXCL | O_CREAT) || die "open > /tmp/expn$$: $!\n";
 	print T "set querytype=MX\n";
 	print T "$server\n";
 	close(T);

rpms / am-utils

Source Code

Files