diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-08-20 20:42:10 +0100 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-09-06 15:49:02 +0100 |
| commit | f4076dffc10600006dd6415c3584f97bd36907a6 (patch) | |
| tree | 7657b2f4113f4db0a5adfbc2939a082adbc8f5f1 /telepathy-glib/stream-tube-channel.c | |
| parent | 21b395c356549d821b30253f6ec5be8dbd15e333 (diff) | |
| download | telepathy-glib-f4076dffc10600006dd6415c3584f97bd36907a6.tar.gz | |
_tp_create_temp_unix_socket: avoid using tmpnam()
On current Debian unstable, gcc/ld issues a warning about tmpnam(),
because it's usually used in an unsafe way. "gcc -Wl,--fatal-warnings"
(which I'm using in my development environment) upgrades that to fatal.
Our usage was in fact safe (trying to listen on a socket always
behaves like O_EXCL|O_CREAT, which can DoS'd but is not subject to
symlink attacks), but we're swimming against the current by trying
to use tmpnam(). Instead, create a secure private temporary directory
with g_dir_make_tmp(), and put our socket in there.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68350
Reviewed-by: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
Diffstat (limited to 'telepathy-glib/stream-tube-channel.c')
| -rw-r--r-- | telepathy-glib/stream-tube-channel.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/telepathy-glib/stream-tube-channel.c b/telepathy-glib/stream-tube-channel.c index 607abad54..8a110d756 100644 --- a/telepathy-glib/stream-tube-channel.c +++ b/telepathy-glib/stream-tube-channel.c @@ -145,6 +145,7 @@ struct _TpStreamTubeChannelPrivate /* Offering side */ GSocketService *service; GSocketAddress *address; + gchar *unix_tmpdir; /* GSocketConnection we have accepted but are still waiting a * NewRemoteConnection to identify them. Owned ConnWaitingSig. */ GSList *conn_waiting_sig; @@ -266,6 +267,13 @@ tp_stream_tube_channel_dispose (GObject *obj) self->priv->address = NULL; } + if (self->priv->unix_tmpdir != NULL) + { + g_rmdir (self->priv->unix_tmpdir); + g_free (self->priv->unix_tmpdir); + self->priv->unix_tmpdir = NULL; + } + tp_clear_pointer (&self->priv->access_control_param, tp_g_value_slice_free); tp_clear_object (&self->priv->local_conn_waiting_id); tp_clear_object (&self->priv->client_socket); @@ -1466,7 +1474,7 @@ tp_stream_tube_channel_offer_async (TpStreamTubeChannel *self, case TP_SOCKET_ADDRESS_TYPE_UNIX: { self->priv->address = _tp_create_temp_unix_socket ( - self->priv->service, &error); + self->priv->service, &self->priv->unix_tmpdir, &error); /* check there wasn't an error on the final attempt */ if (self->priv->address == NULL) |