mirror of
https://github.com/fish-shell/fish-shell
synced 2024-12-26 12:53:13 +00:00
use mktemp(1) to generate temporary file names
Fix for CVE-2014-2906. Closes a race condition in funced which would allow execution of arbitrary code; closes a race condition in psub which would allow alternation of the data stream. Note that `psub -f` does not work (#1040); a fix should be committed separately for ease of maintenance. Closes #1437
This commit is contained in:
parent
ba1b5e34a7
commit
55bc4168bf
2 changed files with 4 additions and 13 deletions
|
@ -81,11 +81,7 @@ function funced --description 'Edit function definition'
|
|||
return 0
|
||||
end
|
||||
|
||||
set -q TMPDIR; or set -l TMPDIR /tmp
|
||||
set -l tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
|
||||
while test -f $tmpname
|
||||
set tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
|
||||
end
|
||||
set tmpname (mktemp -t fish_funced.XXXXXXXXXX)
|
||||
|
||||
if functions -q -- $funcname
|
||||
functions -- $funcname > $tmpname
|
||||
|
|
|
@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename
|
|||
return
|
||||
end
|
||||
|
||||
# Find unique file name for writing output to
|
||||
while true
|
||||
set filename /tmp/.psub.(echo %self).(random);
|
||||
if not test -e $filename
|
||||
break;
|
||||
end
|
||||
end
|
||||
|
||||
if test use_fifo = 1
|
||||
# Write output to pipe. This needs to be done in the background so
|
||||
# that the command substitution exits without needing to wait for
|
||||
# all the commands to exit
|
||||
set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return
|
||||
set filename $dir/psub.fifo
|
||||
mkfifo $filename
|
||||
cat >$filename &
|
||||
else
|
||||
set filename (mktemp /tmp/.psub.XXXXXXXXXX)
|
||||
cat >$filename
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue