gnash-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable

From: Gabriele Giacone
Subject: [Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable cookies under /tmp with predictable filenames
Date: Thu, 01 Dec 2011 01:47:15 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0 Iceweasel/8.0 
Follow-up Comment #8, bug #34903 (project gnash):

> A "%s" is missing in the format string.
Fixed.

> When does the fd get closed?
Changed never_close_handle to close_handle. fd will be closed when sink will
be.

> What happens if mkstemps fails? Boost doesn't appear to document what
happens if an invalid fd is passed.
Added some checks. Quite sure code duplication can be avoided better.

cookiefile branch at git://github.com/gg0/gnash.git

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34903>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]