[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [50481] trunk/blender/source/blender/ blenkernel/intern/blender.c: fix for security flaw CVE-2008-1103, ref BZ #855092 on https://bugzilla.redhat.com
Campbell Barton
ideasman42 at gmail.com
Sun Sep 9 01:26:15 CEST 2012
Revision: 50481
http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=50481
Author: campbellbarton
Date: 2012-09-08 23:26:15 +0000 (Sat, 08 Sep 2012)
Log Message:
-----------
fix for security flaw CVE-2008-1103, ref BZ #855092 on https://bugzilla.redhat.com
patch provided by Jochen Schmitt, made some minor edits.
Modified Paths:
--------------
trunk/blender/source/blender/blenkernel/intern/blender.c
Modified: trunk/blender/source/blender/blenkernel/intern/blender.c
===================================================================
--- trunk/blender/source/blender/blenkernel/intern/blender.c 2012-09-08 23:07:53 UTC (rev 50480)
+++ trunk/blender/source/blender/blenkernel/intern/blender.c 2012-09-08 23:26:15 UTC (rev 50481)
@@ -715,8 +715,9 @@
{
UndoElem *uel;
MemFileChunk *chunk;
+ char str[FILE_MAX];
+ const int flag = O_BINARY + O_WRONLY + O_CREAT + O_TRUNC + O_EXCL;
int file;
- char str[FILE_MAX];
if ((U.uiflag & USER_GLOBALUNDO) == 0) {
return;
@@ -736,9 +737,18 @@
/* save the undo state as quit.blend */
BLI_make_file_string("/", str, BLI_temporary_dir(), "quit.blend");
+ /* first try create the file, if it exists call without 'O_CREAT',
+ * to avoid writing to a symlink - use 'O_EXCL' (CVE-2008-1103) */
errno = 0;
- file = BLI_open(str, O_BINARY + O_WRONLY + O_CREAT + O_TRUNC, 0666);
+ file = BLI_open(str, flag, 0666);
if (file == -1) {
+ if (errno == EEXIST) {
+ errno = 0;
+ file = BLI_open(str, flag & ~O_CREAT, 0666);
+ }
+ }
+
+ if (file == -1) {
fprintf(stderr, "Unable to save '%s': %s\n",
str, errno ? strerror(errno) : "Unknown error opening file");
return;
More information about the Bf-blender-cvs
mailing list