gnu/packages/patches/id3lib-CVE-2007-4460.patch

   1 This patch fixes an issues where temporary files were created in an insecure
   2 way.
   3
   4 It was first intruduced in version 3.8.3-7 and fixes
   5 http://bugs.debian.org/438540
   6 --- a/src/tag_file.cpp
   7 +++ b/src/tag_file.cpp
   8 @@ -242,8 +242,8 @@
   9      strcpy(sTempFile, filename.c_str());
  10      strcat(sTempFile, sTmpSuffix.c_str());
  11
  12 -#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
  13 -    // This section is for Windows folk && gcc 3.x folk
  14 +#if !defined(HAVE_MKSTEMP)
  15 +    // This section is for Windows folk
  16      fstream tmpOut;
  17      createFile(sTempFile, tmpOut);
  18
  19 @@ -257,7 +257,7 @@
  20        tmpOut.write((char *)tmpBuffer, nBytes);
  21      }
  22
  23 -#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
  24 +#else //!defined(HAVE_MKSTEMP)
  25
  26      // else we gotta make a temp file, copy the tag into it, copy the
  27      // rest of the old file after the tag, delete the old file, rename
  28 @@ -270,7 +270,7 @@
  29        //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
  30      }
  31
  32 -    ofstream tmpOut(fd);
  33 +    ofstream tmpOut(sTempFile);
  34      if (!tmpOut)
  35      {
  36        tmpOut.close();
  37 @@ -285,14 +285,14 @@
  38      uchar tmpBuffer[BUFSIZ];
  39      while (file)
  40      {
  41 -      file.read(tmpBuffer, BUFSIZ);
  42 +      file.read((char *)tmpBuffer, BUFSIZ);
  43        size_t nBytes = file.gcount();
  44 -      tmpOut.write(tmpBuffer, nBytes);
  45 +      tmpOut.write((char *)tmpBuffer, nBytes);
  46      }
  47
  48      close(fd); //closes the file
  49
  50 -#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
  51 +#endif ////!defined(HAVE_MKSTEMP)
  52
  53      tmpOut.close();
  54      file.close();