1
0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-06 06:30:19 +00:00
freebsd-ports/print/ghostscript7/files/patch-lib:pj-gs.sh.CAN-2004-0967
Hiroki Sato ceed13510d Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.

Security: CAN-2004-0967
2005-11-27 17:57:19 +00:00

41 lines
1.1 KiB
Plaintext

--- lib/pj-gs.sh.orig Thu Mar 9 17:40:40 2000
+++ lib/pj-gs.sh Mon Nov 28 02:22:20 2005
@@ -241,6 +241,7 @@
then
/usr/lib/lprcat $Nofilter $Nolabel $file PCL1 $user $dev
else
+ TEMPFILE=`mktemp -t pjXXXXXX` || exit 1
type=`file $file | sed 's/^[^:]*..//'`
case "$type" in
postscript*)
@@ -251,22 +252,22 @@
#
# gs -q -sDEVICE=paintjet -r180 -sOutputFile=- -dDISKFONTS -dNOPAUSE - < $file 2>/tmp/sh$$
- gs -q -sDEVICE=paintjet -r180 -sOutputFile=/tmp/pj$$ -dDISKFONTS -dNOPAUSE - < $file 1>2
- cat /tmp/pj$$
- rm /tmp/pj$$
+ gs -q -sDEVICE=paintjet -r180 -sOutputFile=$TEMPFILE -dDISKFONTS -dNOPAUSE - < $file 1>2
+ cat $TEMPFILE
+ rm $TEMPFILE
needff=
;;
- *) cat "$file" 2>/tmp/sh$$
+ *) cat "$file" 2>$TEMPFILE
needff=1
;;
esac
- if [ -s /tmp/sh$$ ]
+ if [ -s $TEMPFILE ]
then
# cat /tmp/sh$$ # output any errors
- cat /tmp/sh$$ 1>2 # output any errors
+ cat $TEMPFILE 1>2 # output any errors
fi
- rm -f /tmp/sh$$
+ rm -f $TEMPFILE
if [ $needff ]; then echo "\014\r\c"; fi
fi