diff options
| author | wlemb <wlemb> | 2000-02-07 22:50:19 +0000 |
|---|---|---|
| committer | wlemb <wlemb> | 2000-02-07 22:50:19 +0000 |
| commit | 6d3e7b235f245a72776010b63672f4a99d93d242 (patch) | |
| tree | f03a5b1b9c682acb578464f8d52a573df6663022 | |
| parent | ba5d6797bae7747f8668a874f93ca303ca3ddfea (diff) | |
| download | groff-6d3e7b235f245a72776010b63672f4a99d93d242.tar.gz | |
* html.cc (html_printer::make_new_image_name): Tidied up file and
fixed name of image if the source file is in a different directory.
* html.cc (create_file): Renamed to create_tmp_file.
* html.cc (create_file): Identified & fixed security bug when
creating files in /tmp.
* Makefile.sub: Adapted to new directory structure.
| -rwxr-xr-x | src/devices/grohtml/ChangeLog | 16 | ||||
| -rwxr-xr-x | src/devices/grohtml/html.cc | 33 |
2 files changed, 40 insertions, 9 deletions
diff --git a/src/devices/grohtml/ChangeLog b/src/devices/grohtml/ChangeLog index 136fbc5f..b1b5a7d2 100755 --- a/src/devices/grohtml/ChangeLog +++ b/src/devices/grohtml/ChangeLog @@ -1,3 +1,19 @@ +2000-02-07 Gaius Mulley <gaius@glam.ac.uk> + + * html.cc (html_printer::make_new_image_name): Tidied up file and + fixed name of image if the source file is in a different directory. + + * html.cc (create_file): Renamed to create_tmp_file. + +2000-02-07 Colin Phipps <crp22@cam.ac.uk> + + * html.cc (create_file): Identified & fixed security bug when + creating files in /tmp. + +2000-02-06 Werner LEMBERG <wl@gnu.org> + + * Makefile.sub: Adapted to new directory structure. + 2000-01-28 Gaius Mulley <gaius@glam.ac.uk> * html.cc: Minor fixes. diff --git a/src/devices/grohtml/html.cc b/src/devices/grohtml/html.cc index 3dbbe05b..cb9a069e 100755 --- a/src/devices/grohtml/html.cc +++ b/src/devices/grohtml/html.cc @@ -35,6 +35,9 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include <unistd.h> #endif +#include <stdio.h> +#include <fcntl.h> + #include "ordered_list.h" #if !defined(TRUE) @@ -1547,8 +1550,11 @@ void html_printer::set_char(int i, font *f, const environment *env, int w, const void html_printer::make_new_image_name (void) { image_number++; - if ((strcmp(current_filename, "<standard input>") == 0) || - (strcmp(current_filename, "-") == 0)) { + + if ((current_filename == 0) || + (strcmp(current_filename, "<standard input>") == 0) || + (strcmp(current_filename, "-") == 0) || + (strchr(current_filename, '/') != 0)) { sprintf(image_name, "grohtml-%d-%ld", image_number, (long)getpid()); } else { sprintf(image_name, "%s-%d-%ld", current_filename, image_number, (long)getpid()); @@ -2402,18 +2408,27 @@ int html_printer::is_less (graphic_glob *g, text_glob *t) return( (g->minv < t->minv) || ((g->minv == t->minv) && (g->minh < t->minh)) ); } -static FILE *create_file (char *filename) +/* + * create_tmp_file - opens a filename in /tmp carefully checking for failure + * otherwise security could be circumvented. + */ + +static FILE *create_tmp_file (char *filename) { FILE *f; + int fd; errno = 0; - f = fopen(filename, "w"); + /* This file is in /tmp, so open carefully */ + fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0600); + if (fd < 0) { + fatal("can't create `%1'", filename); + } + f = fdopen(fd, "w"); if (f == 0) { - error("can't create `%1'", filename); - return( 0 ); - } else { - return( f ); + fatal("can't create `%1'", filename); } + return( f ); } void html_printer::convert_to_image (char *name) @@ -2490,7 +2505,7 @@ void html_printer::display_globs (int is_to_html) if (! is_to_html) { is_center = html_position_region(); create_temp_name(name, "troff"); - f = create_file(name); + f = create_tmp_file(name); troff.set_file(f); prologue(); output_style.f = 0; |