use mktemp(1) to generate temporary file names
Fix for CVE-2014-2906. Closes a race condition in funced which would allow execution of arbitrary code; closes a race condition in psub which would allow alteration of the data stream. Note that `psub -f` does not work (#1040); a fix should be committed separately for ease of maintenance.
parent
aea9ad4965
commit
55986120aa
2 changed files with 4 additions and 13 deletions
|
@ -81,11 +81,7 @@ function funced --description 'Edit function definition'
|
||||||
return 0
|
return 0
|
||||||
end
|
end
|
||||||
|
|
||||||
set -q TMPDIR; or set -l TMPDIR /tmp
|
set tmpname (mktemp -t fish_funced.XXXXXXXXXX)
|
||||||
set -l tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
|
|
||||||
while test -f $tmpname
|
|
||||||
set tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
|
|
||||||
end
|
|
||||||
|
|
||||||
if functions -q -- $funcname
|
if functions -q -- $funcname
|
||||||
functions -- $funcname > $tmpname
|
functions -- $funcname > $tmpname
|
||||||
|
|
|
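Review bot: The result of `mktemp` is not checked on the added `set tmpname (mktemp -t fish_funced.XXXXXXXXXX)` line, so if mktemp fails `tmpname` is empty and the `functions -- $funcname > $tmpname` redirect that follows runs without a usable target. The same gap is in the non-fifo branch of the psub hunk, where only the `mktemp -d` line carries `; or return`. I would write `set -l tmpname (mktemp -t fish_funced.XXXXXXXXXX); or return 1` here and `set filename (mktemp /tmp/.psub.XXXXXXXXXX); or return` there. The `-l` is worth restoring as well: the removed line declared `tmpname` local, and without it an existing global or universal `tmpname` would be overwritten. The body of funced starts and ends outside this hunk, so how `tmpname` is used and removed later is not visible here.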
@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
# Find unique file name for writing output to
|
|
||||||
while true
|
|
||||||
set filename /tmp/.psub.(echo %self).(random);
|
|
||||||
if not test -e $filename
|
|
||||||
break;
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if test use_fifo = 1
|
if test use_fifo = 1
|
||||||
# Write output to pipe. This needs to be done in the background so
|
# Write output to pipe. This needs to be done in the background so
|
||||||
# that the command substitution exits without needing to wait for
|
# that the command substitution exits without needing to wait for
|
||||||
# all the commands to exit
|
# all the commands to exit
|
||||||
|
set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return
|
||||||
|
set filename $dir/psub.fifo
|
||||||
mkfifo $filename
|
mkfifo $filename
|
||||||
cat >$filename &
|
cat >$filename &
|
||||||
else
|
else
|
||||||
|
set filename (mktemp /tmp/.psub.XXXXXXXXXX)
|
||||||
cat >$filename
|
cat >$filename
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
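Review bot: The fifo branch now creates a directory with `mktemp -d` and puts `psub.fifo` inside it, but nothing in this hunk removes `$dir`. The cleanup code lies outside the hunk; if it still deletes only `$filename`, each call would leave an empty `/tmp/.psub.*` directory behind. A comment above `set filename $dir/psub.fifo`, such as `# $dir was created by mktemp -d and is private to this user, so a fixed fifo name inside it cannot be pre-created by someone else`, would record why the fixed name is safe. Both templates also hard-code `/tmp`, while the funced change uses `mktemp -t`, which consults `$TMPDIR`; using one form in both functions would keep them consistent.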