File CVE-2018-6198.patch of Package w3m.6581
From 18dcbadf2771cdb0c18509b14e4e73505b242753 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sun, 21 Jan 2018 01:29:10 +0900
Subject: [PATCH] Make temporary directory safely when ~/.w3m is unwritable
---
config.h.dist | 1 +
config.h.in | 1 +
configure | 2 +-
configure.ac | 2 +-
main.c | 7 +++++++
rc.c | 5 +++++
6 files changed, 16 insertions(+), 2 deletions(-)
Index: w3m-0.5.3.git20161120/config.h.dist
===================================================================
--- w3m-0.5.3.git20161120.orig/config.h.dist
+++ w3m-0.5.3.git20161120/config.h.dist
@@ -210,6 +210,7 @@ typedef long clen_t;
#define HAVE_SRANDOM
#undef HAVE_GETPASSPHRASE
#define HAVE_CHDIR
+#define HAVE_MKDTEMP
#define SETJMP(env) sigsetjmp(env,1)
Index: w3m-0.5.3.git20161120/config.h.in
===================================================================
--- w3m-0.5.3.git20161120.orig/config.h.in
+++ w3m-0.5.3.git20161120/config.h.in
@@ -143,6 +143,7 @@ typedef long clen_t;
#undef HAVE_SRANDOM
#undef HAVE_GETPASSPHRASE
#undef HAVE_CHDIR
+#undef HAVE_MKDTEMP
#undef HAVE_SETPGRP
#undef HAVE_SETLOCALE
#undef HAVE_LANGINFO_CODESET
Index: w3m-0.5.3.git20161120/configure
===================================================================
--- w3m-0.5.3.git20161120.orig/configure
+++ w3m-0.5.3.git20161120/configure
@@ -8767,7 +8767,7 @@ _ACEOF
-for ac_func in strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale
+for ac_func in strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir mkdtemp getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
Index: w3m-0.5.3.git20161120/configure.ac
===================================================================
--- w3m-0.5.3.git20161120.orig/configure.ac
+++ w3m-0.5.3.git20161120/configure.ac
@@ -150,7 +150,7 @@ dnl AC_FUNC_MEMCMP
dnl AC_FUNC_MMAP
dnl AC_FUNC_SETVBUF_REVERSED
dnl AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale)
+AC_CHECK_FUNCS(strcasecmp strcasestr strchr memcpy strerror bcopy setpgrp chdir mkdtemp getcwd getwd readlink setenv putenv strtoll stroq atoll atoq symlink readlink lstat srand48 srandom getpassphrase waitpid setlocale)
AC_FUNC_STRFTIME
AC_FUNC_WAIT3
AC_FUNC_SETPGRP
Index: w3m-0.5.3.git20161120/main.c
===================================================================
--- w3m-0.5.3.git20161120.orig/main.c
+++ w3m-0.5.3.git20161120/main.c
@@ -6034,6 +6034,13 @@ w3m_exit(int i)
#ifdef __MINGW32_VERSION
WSACleanup();
#endif
+#ifdef HAVE_MKDTEMP
+ if (no_rc_dir && tmp_dir != rc_dir)
+ if (rmdir(tmp_dir) != 0) {
+ fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir);
+ exit(1);
+ }
+#endif
exit(i);
}
Index: w3m-0.5.3.git20161120/rc.c
===================================================================
--- w3m-0.5.3.git20161120.orig/rc.c
+++ w3m-0.5.3.git20161120/rc.c
@@ -1330,6 +1330,11 @@ init_rc(void)
((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
tmp_dir = "/tmp";
+#ifdef HAVE_MKDTEMP
+ tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr);
+ if (tmp_dir == NULL)
+ tmp_dir = rc_dir;
+#endif
create_option_search_table();
goto open_rc;
}
