Hello,
I'm not a C programmer but I guess solving this issue might go along
the following path:
Description: Create a secure directory for the FIFO
TODO: Put a short summary on the line above and replace this paragraph
with a longer explanation of this change. Complete the meta-information
with other relevant fields (see below for details). To make it easier, the
information below has been extracted from the changelog. Adjust it or drop
it.
.
tvtime (1.0.11-4) unstable; urgency=medium
.
* QA upload.
* Add the missing build dependency on pkg-config.
Author: Helge Kreutzmann <debian@helgefjell.de>
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: other
Bug-Debian: https://bugs.debian.org/924076
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2019-03-23
--- tvtime-1.0.11.orig/src/utils.c
+++ tvtime-1.0.11/src/utils.c
@@ -167,14 +167,19 @@ char *get_tvtime_fifo_filename( uid_t ui
char *fifodir;
char *fifo;
+ char *fifosdir;
+
+ /* Create a secure private temporary directory */
+ fifosdir = mkdtemp(FIFODIR "tvtimeXXXXXX");
+
/* Create string for the directory in FIFODIR */
pwuid = getpwuid( uid );
if( pwuid ) {
- if( asprintf( &fifodir, FIFODIR "/.TV-%s", pwuid->pw_name ) < 0 ) {
+ if( asprintf( &fifodir, "%s/.TV-%s", fifosdir, pwuid->pw_name ) < 0 ) {
return 0;
}
} else {
- if( asprintf( &fifodir, FIFODIR "/.TV-%u", uid ) < 0 ) {
+ if( asprintf( &fifodir, "%s/.TV-%u", fifosdir, uid ) < 0 ) {
return 0;
}
}
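Review bot: The added call fifosdir = mkdtemp(FIFODIR "tvtimeXXXXXX"); passes a string literal as the template, but mkdtemp() overwrites the trailing XXXXXX in place, so it writes to read-only memory; this is the likely source of the reported segfault. Build the template in a writable buffer first (a char array, or a string allocated with asprintf) and pass that instead. The return value also needs a NULL check before fifosdir is handed to the two asprintf "%s" calls. The removed lines used FIFODIR "/.TV-%s", so the template probably needs a "/" between FIFODIR and tvtime. Finally, mkdtemp() picks a fresh name on every call, so the path this function returns no longer depends on uid alone; confirm that no other caller or process has to compute the same FIFO path.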
This code segfaults and does not contain error checks, but hopefully
someone with real C knowledge can make it work (and prevent tvtime
from being removed).
Greetings
Helge
--
Dr. Helge Kreutzmann debian@helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/