author | niels <niels@FreeBSD.org> | 2005-02-01 17:36:44 +0800 |
---|---|---|
committer | niels <niels@FreeBSD.org> | 2005-02-01 17:36:44 +0800 |
commit | 171562d5c1821bdb5c2339831c8fe0322d51cf19 (patch) | |
tree | aad05c63df66800aea2fdc50fa6e07e83b87db28 /news/newsgrab | |
parent | a60ed02c90311535e33ae60a4d20011c4815bf20 (diff) | |
Fixed directory traversal in file creation and fixed usage of insecure permissions.
Approved by: nectar (mentor), maintainer
VuXML: http://vuxml.freebsd.org/35f6093c-73c3-11d9-8a93-00065be4b5b6.html
VuXML: http://vuxml.freebsd.org/cd7e260a-6bff-11d9-a5df-00065be4b5b6.html
Diffstat (limited to 'news/newsgrab')
-rw-r--r-- | news/newsgrab/Makefile | 1 | ||||
-rw-r--r-- | news/newsgrab/files/patch-newsgrab.pl | 43 |
2 files changed, 44 insertions, 0 deletions
diff --git a/news/newsgrab/Makefile b/news/newsgrab/Makefile
index 6d4640bb4013..8782c888aaf4 100644
--- a/news/newsgrab/Makefile
+++ b/news/newsgrab/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= newsgrab
 PORTVERSION= 0.4.0
+PORTREVISION= 1
 CATEGORIES= news
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= newsgrab
diff --git a/news/newsgrab/files/patch-newsgrab.pl b/news/newsgrab/files/patch-newsgrab.pl
new file mode 100644
index 000000000000..2c4227a0949f
--- /dev/null
+++ b/news/newsgrab/files/patch-newsgrab.pl
@@ -0,0 +1,43 @@
+--- newsgrab.pl.orig Wed Mar 26 14:07:11 2003
++++ newsgrab.pl Thu Jan 27 10:36:23 2005
+@@ -178,7 +178,7 @@
+ if ($input_outdir) {
+ # Create the directory for the files, if it doesn't exits.
+ if (! -e $input_outdir) {
+- if (!(mkdir $input_outdir, 0777)) {
++ if (!(mkdir $input_outdir, 0600)) {
+ stat_print "Unable to create output dir '$input_outdir'",
+ "ERROR";
+ exit 1;
+@@ -853,6 +853,7 @@
+ chomp;
+ if(/^begin\s*(\d*)\s*(.*)/) {
+ ($mode, $file) = ($1, $2);
++ $file =~ s/^.*\///g;
+ if (-e "$OUTDIR/$file") {
+ print STDERR "File: '$file' already exists. skipping\n";
+ undef $file;
+@@ -867,13 +868,8 @@
+ }
+ if (/^end/) {
+ close (OUT);
+- if (!($mode)) {
+- stat_print "No mode supplied for file", "Warning";
+- } elsif (!($file)) {
+- stat_print "No filename to chmod().. Wierd", "Error";
+- } else {
+- chmod oct($mode), "$OUTDIR/$file";
+- }
++
++ chmod 0600 , "$OUTDIR/$file";
+ # Set $file and $mode to undef, we have reached the end of this file
+ undef $file;
+ undef $mode;
+@@ -926,6 +922,7 @@
+ if(/ name=(.*)$/) {
+ $ydec_name = $1;
+ $ydec_name =~ s/\s+$//g; # Strip wierdo chars
++ $ydec_name =~ s/^.*\///g;
+ #print "Found attach ".$ydec_name." of size ".$ydec_size."\n";
+ } else {
+ print STDERR "Unknown attach name\n";
|
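Review bot: `mkdir $input_outdir, 0600` in the first inner hunk creates the output directory without the owner search (x) bit, so a non-root user cannot create or open files inside the directory that was just made; `0700` keeps it private and still usable. A related problem appears likely in the `end` handler: the removed branch guarded against an empty `$file`, and the `begin` branch shown above does `undef $file` when the target already exists, so the now-unconditional `chmod 0600 , "$OUTDIR/$file"` would seem to apply 0600 to `$OUTDIR/` itself. I would keep a guard there, e.g. `chmod 0600, "$OUTDIR/$file" if defined $file && length $file;`. The loops enclosing these inner hunks start and end outside the visible lines, so whether `end` can be reached with no open file should be confirmed against the full script.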