diff options
| author | ache <ache@FreeBSD.org> | 2005-09-10 02:33:17 +0800 |
|---|---|---|
| committer | ache <ache@FreeBSD.org> | 2005-09-10 02:33:17 +0800 |
| commit | 9d7c149ff0ee60f5661fee84535b72e104ba962e (patch) | |
| tree | a13ac5a8744d25e07ed035a36ff0ebfd5e9db11d /archivers | |
| parent | 11017f20ce892a3e2158a655a3088e16459fb0cd (diff) | |
| download | freebsd-ports-gnome-9d7c149ff0ee60f5661fee84535b72e104ba962e.tar.gz freebsd-ports-gnome-9d7c149ff0ee60f5661fee84535b72e104ba962e.tar.zst freebsd-ports-gnome-9d7c149ff0ee60f5661fee84535b72e104ba962e.zip | |
unzip TOCTOU file-permissions vulnerability
(submitted patch slightly modified)
PR: 85920
Submitted by: Marcus Alves Grando <marcus@corp.grupos.com.br>
Diffstat (limited to 'archivers')
| -rw-r--r-- | archivers/unzip/Makefile | 2 | ||||
| -rw-r--r-- | archivers/unzip/files/patch-unix_unix.c | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile index 6930cab4c95f..24adf86c8b0a 100644 --- a/archivers/unzip/Makefile +++ b/archivers/unzip/Makefile @@ -7,7 +7,7 @@ PORTNAME= unzip PORTVERSION= 5.52 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= archivers MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ \ ${MASTER_SITE_TEX_CTAN:S,%SUBDIR%,tools/zip/info-zip/src/,} diff --git a/archivers/unzip/files/patch-unix_unix.c b/archivers/unzip/files/patch-unix_unix.c new file mode 100644 index 000000000000..97d346bd953b --- /dev/null +++ b/archivers/unzip/files/patch-unix_unix.c @@ -0,0 +1,36 @@ +--- unix/unix.c.orig Sat Feb 26 16:43:42 2005 ++++ unix/unix.c Fri Sep 9 14:36:35 2005 +@@ -1042,6 +1042,16 @@ + ush z_uidgid[2]; + int have_uidgid_flg; + ++/*--------------------------------------------------------------------------- ++ Change the file permissions from default ones to those stored in the ++ zipfile. ++ ---------------------------------------------------------------------------*/ ++ ++#ifndef NO_CHMOD ++ if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr))) ++ perror("fchmod (file attributes) error"); ++#endif ++ + fclose(G.outfile); + + /*--------------------------------------------------------------------------- +@@ -1150,16 +1160,6 @@ + " (warning) cannot set times")); + #endif /* ?AOS_VS */ + } +- +-/*--------------------------------------------------------------------------- +- Change the file permissions from default ones to those stored in the +- zipfile. +- ---------------------------------------------------------------------------*/ +- +-#ifndef NO_CHMOD +- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr))) +- perror("chmod (file attributes) error"); +-#endif + + } /* end function close_outfile() */ + |