gnash-commit

[Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable


From: Benjamin Wolsey
Subject: [Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable cookies under /tmp with predictable filenames
Date: Sun, 27 Nov 2011 07:53:18 +0000
User-agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.10 Chromium/14.0.835.202 Chrome/14.0.835.202 Safari/535.1

Follow-up Comment #4, bug #34903 (project gnash):

mkstemps() modifies the passed argument. The return from
stringstream::str().c_str() is a const char* for a good reason: it's not
modifiable. 

To do it properly you need to copy the string to a modifiable buffer and pass
that instead, so that the buffer then contains the actual filename.

Also, the code needs to be in a separate function to avoid duplicating it and
to make it easier for non-POSIX systems to implement.

Creating your own random filenames has lots of pitfalls (e.g. the lower-order
bits are often much less random in rand(), so using the modulo operator like
the patch does produces much more predictable values). That's why I'd prefer
mkstemps.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34903>

_______________________________________________
  Message sent via Savannah
  http://savannah.gnu.org/
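
An added example, not part of the original message or the Gnash source: the approach the comment describes (copy the template into a writable buffer, pass that to mkstemps(), then read the chosen filename back out), wrapped in one function. It assumes a glibc or BSD system that provides mkstemps(); the helper names and the /tmp/gnash-example- prefix are constructed for illustration.

```cpp
#include <cstdio>
#include <cstdlib>     // mkstemps() (glibc/BSD extension, not ISO C++)
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper (name and signature are assumptions for this example).
// Creates "<prefix>XXXXXX<suffix>" with the X's replaced by mkstemps() and
// returns the open descriptor, or -1 on failure. On success `path` holds
// the filename that was actually created.
int make_private_temp(const std::string& prefix, const std::string& suffix,
                      std::string& path)
{
    const std::string tmpl = prefix + "XXXXXX" + suffix;

    // mkstemps() rewrites the template in place, so it needs a writable,
    // NUL-terminated copy; tmpl.c_str() is const and must not be passed.
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');

    // The file is opened with O_EXCL, so a name planted in advance by
    // another user is never opened or reused.
    const int fd = ::mkstemps(buf.data(), static_cast<int>(suffix.size()));
    if (fd < 0) return -1;

    path.assign(buf.data());   // the buffer now contains the real name
    return fd;
}

// Permission bits of an open descriptor, or -1 on error.
int mode_bits(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? static_cast<int>(st.st_mode & 0777) : -1;
}

int main()
{
    std::string path;
    const int fd = make_private_temp("/tmp/gnash-example-", ".txt", path);
    if (fd < 0) { std::perror("mkstemps"); return 1; }
    std::printf("%s mode %o\n", path.c_str(), mode_bits(fd));
    close(fd);
    unlink(path.c_str());      // clean up the constructed sample file
    return 0;
}
```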



