diff options
| author | Andrey A. Chernov <ache@FreeBSD.org> | 2005-09-09 18:33:17 +0000 |
|---|---|---|
| committer | Andrey A. Chernov <ache@FreeBSD.org> | 2005-09-09 18:33:17 +0000 |
| commit | c0f88731fd0ad320441f6ffb630c72fc31c7223b (patch) | |
| tree | e94abc97a5d2fe089954081643c48a893f21e455 /archivers/unzip | |
| parent | 975f5a1beb41195fe0ca3208ee7cf5ac09aa84b4 (diff) | |
| download | ports-c0f88731fd0ad320441f6ffb630c72fc31c7223b.tar.gz ports-c0f88731fd0ad320441f6ffb630c72fc31c7223b.zip | |
unzip TOCTOU file-permissions vulnerability
(submitted patch slightly modified)
PR: 85920
Submitted by: Marcus Alves Grando <marcus@corp.grupos.com.br>
Notes
Notes:
svn path=/head/; revision=142310
Diffstat (limited to 'archivers/unzip')
| -rw-r--r-- | archivers/unzip/Makefile | 2 | ||||
| -rw-r--r-- | archivers/unzip/files/patch-unix_unix.c | 36 |
2 files changed, 37 insertions, 1 deletions
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile index 6930cab4c95f..24adf86c8b0a 100644 --- a/archivers/unzip/Makefile +++ b/archivers/unzip/Makefile @@ -7,7 +7,7 @@ PORTNAME= unzip PORTVERSION= 5.52 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES?= archivers MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ \ ${MASTER_SITE_TEX_CTAN:S,%SUBDIR%,tools/zip/info-zip/src/,} diff --git a/archivers/unzip/files/patch-unix_unix.c b/archivers/unzip/files/patch-unix_unix.c new file mode 100644 index 000000000000..97d346bd953b --- /dev/null +++ b/archivers/unzip/files/patch-unix_unix.c @@ -0,0 +1,36 @@ +--- unix/unix.c.orig Sat Feb 26 16:43:42 2005 ++++ unix/unix.c Fri Sep 9 14:36:35 2005 +@@ -1042,6 +1042,16 @@ + ush z_uidgid[2]; + int have_uidgid_flg; + ++/*--------------------------------------------------------------------------- ++ Change the file permissions from default ones to those stored in the ++ zipfile. ++ ---------------------------------------------------------------------------*/ ++ ++#ifndef NO_CHMOD ++ if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr))) ++ perror("fchmod (file attributes) error"); ++#endif ++ + fclose(G.outfile); + + /*--------------------------------------------------------------------------- +@@ -1150,16 +1160,6 @@ + " (warning) cannot set times")); + #endif /* ?AOS_VS */ + } +- +-/*--------------------------------------------------------------------------- +- Change the file permissions from default ones to those stored in the +- zipfile. +- ---------------------------------------------------------------------------*/ +- +-#ifndef NO_CHMOD +- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr))) +- perror("chmod (file attributes) error"); +-#endif + + } /* end function close_outfile() */ + |