Cr8-xyz/blender
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix for security flaw CVE-2008-1103, ref BZ #855092 on https://bugzilla.redhat.com

Browse Source 
patch provided by Jochen Schmitt, made some minor edits.
This commit is contained in:
Campbell Barton
2012-09-08 23:26:15 +00:00
parent 1e2d304973
commit 693ceacc86
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
source/blender/blenkernel/intern/blender.c
View File

@@ -715,8 +715,9 @@ void BKE_undo_save_quit(void)
{
UndoElem *uel;
MemFileChunk *chunk;
int file;
char str[FILE_MAX];
const int flag = O_BINARY + O_WRONLY + O_CREAT + O_TRUNC + O_EXCL;
int file;
if ((U.uiflag & USER_GLOBALUNDO) == 0) {
return;
@@ -736,8 +737,17 @@ void BKE_undo_save_quit(void)
/* save the undo state as quit.blend */
BLI_make_file_string("/", str, BLI_temporary_dir(), "quit.blend");
/* first try create the file, if it exists call without 'O_CREAT',
* to avoid writing to a symlink - use 'O_EXCL' (CVE-2008-1103) */
errno = 0;
file = BLI_open(str, O_BINARY + O_WRONLY + O_CREAT + O_TRUNC, 0666);
file = BLI_open(str, flag, 0666);
if (file == -1) {
if (errno == EEXIST) {
errno = 0;
file = BLI_open(str, flag & ~O_CREAT, 0666);
}
}
if (file == -1) {
fprintf(stderr, "Unable to save '%s': %s\n",
str, errno ? strerror(errno) : "Unknown error opening file");