
gnash-0.8.9-2.1.mga1.src.rpm

From 8fc19a890ee787d26200dc1b8b5546e3bb15ac7b Mon Sep 17 00:00:00 2001
From: Gabriele Giacone <1o5g4r8o@gmail.com>
Date: Thu, 01 Dec 2011 00:59:15 +0000
Subject: CVE-2011-4328 fix. mkstemps and boost::iostreams. See bug #34903

---
diff --git a/macros/boost.m4 b/macros/boost.m4
index 7c7bb4a..c672870 100644
--- a/macros/boost.m4
+++ b/macros/boost.m4
@@ -34,10 +34,10 @@ AC_DEFUN([GNASH_PATH_BOOST],
   libname=""
   dnl this is a list of *required* headers. If any of these are missing, this
   dnl test will return a failure, and Gnash won't build.
-  boost_headers="detail/lightweight_mutex.hpp thread/thread.hpp multi_index_container.hpp multi_index/key_extractors.hpp thread/mutex.hpp program_options/options_description.hpp"
+  boost_headers="detail/lightweight_mutex.hpp thread/thread.hpp multi_index_container.hpp multi_index/key_extractors.hpp thread/mutex.hpp program_options/options_description.hpp boost/iostreams/stream.hpp"
   dnl this is a list of *required* libraries. If any of these are missing, this
   dnl test will return a failure, and Gnash won't build.
-  boost_libs="thread program_options"
+  boost_libs="thread program_options iostreams"
 
   dnl this is a list of *recommended* libraries. If any of these are missing, this
   dnl test will return a warning, and Gnash will build, but testing won't work.
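Review bot: The new entry in `boost_headers` is written as `boost/iostreams/stream.hpp`, while every other entry in the list is given relative to the Boost include directory (`thread/thread.hpp`, `multi_index_container.hpp`). The code that consumes the list is outside this hunk, but if it prepends the Boost directory the way the other entries suggest, the check would look for `boost/boost/iostreams/stream.hpp` and fail on a correct installation. The entry should probably read `iostreams/stream.hpp`. Since plugin.cpp also includes `iostreams/device/file_descriptor.hpp`, listing that header too would make configure catch a partial install.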
diff --git a/plugin/npapi/Makefile.am b/plugin/npapi/Makefile.am
index 58566d9..cd2a92b 100644
--- a/plugin/npapi/Makefile.am
+++ b/plugin/npapi/Makefile.am
@@ -78,6 +78,7 @@ libgnashplugin_la_SOURCES  = plugin.cpp \
 
 libgnashplugin_la_LIBADD   = \
 	$(GLIB_LIBS) \
+	-lboost_iostreams \
 	$(NULL)
 
 # Scriptable plugin support
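Review bot: `-lboost_iostreams` is hard-coded in `libgnashplugin_la_LIBADD`, although the same commit makes configure probe for `iostreams` through `boost_libs`. Where Boost is installed under a suffixed library name or outside the default linker path, configure could succeed and the plugin link still fail. Using the library variable that the Boost macro exports would keep the two in step. The name of that variable is not visible on this page.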
diff --git a/plugin/npapi/plugin.cpp b/plugin/npapi/plugin.cpp
index 55bafc3..edcecfe 100644
--- a/plugin/npapi/plugin.cpp
+++ b/plugin/npapi/plugin.cpp
@@ -25,6 +25,8 @@
 #include <boost/scoped_array.hpp>
 #include <boost/algorithm/string/replace.hpp>
 #include <boost/algorithm/string/find.hpp>
+#include <boost/iostreams/device/file_descriptor.hpp>
+#include <boost/iostreams/stream.hpp>
 #include <cassert>
 #include <string>
 #include <cstdlib> // getenv
@@ -150,6 +152,17 @@ getPluginDescription()
     return desc;
 }
 
+boost::iostreams::file_descriptor_sink getfdsink(char mkstemplate[]);
+
+boost::iostreams::file_descriptor_sink
+getfdsink(char mksTemplate[])
+{
+  int suffix = std::string(mksTemplate).size() - std::string(mksTemplate).find("XXXXXX") - 6;
+  int fd = mkstemps (mksTemplate, suffix);
+  boost::iostreams::file_descriptor_sink fdsink(fd, boost::iostreams::close_handle);
+  return fdsink;
+}
+
 //
 // general initialization and shutdown
 //
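Review bot: `getfdsink` has no comment stating its contract, and both callers depend on it: the template array is rewritten in place with the generated name, and a failed `mkstemps()` is reported only through a sink whose `handle()` is -1. I would add `/// Creates a unique temp file from mksTemplate (rewritten in place); the returned sink owns the descriptor and has handle() == -1 on failure.` above the definition. The prototype just before the definition is redundant and spells the parameter differently (`mkstemplate`). Declaring the helper `static` or putting it in an anonymous namespace would keep it out of the plugin's exported symbols. The suffix length is computed with `find("XXXXXX")` without checking for `npos`, so a template without the placeholder is left for `mkstemps()` to reject; a one-line why-comment there would help.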
@@ -965,22 +978,23 @@ create_standalone_launcher(const std::string& page_url, const std::string& swf_u
         return;
     }
 
-    std::ofstream saLauncher;
-
-    std::stringstream ss;
-    static int debugno = 0;
-    debugno = (debugno + 1) % 10;
-    ss << "/tmp/gnash-debug-" << debugno << ".sh";
-    saLauncher.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
+    char debugname[] = "/tmp/gnash-debug-XXXXXX.sh";
+    boost::iostreams::file_descriptor_sink fdsink = getfdsink(debugname);
+    if (fdsink.handle() == -1) {
+        gnash::log_error("Failed to create sink: %s", debugname);
+        return;
+    }
+    boost::iostreams::stream<boost::iostreams::file_descriptor_sink>
+        saLauncher (fdsink);
 
     if (!saLauncher) {
-        gnash::log_error("Failed to open new file for standalone launcher: " + ss.str());
+        gnash::log_error("Failed to open new file for standalone launcher: %s", debugname);
         return;
     }
 
     saLauncher << "#!/bin/sh" << std::endl
                << "export GNASH_COOKIES_IN="
-               << "/tmp/gnash-cookies." << getpid() << std::endl
+               << std::getenv("GNASH_COOKIES_IN") << std::endl
                << getGnashExecutable() << " ";
 
     if (!page_url.empty()) {
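Review bot: `std::getenv("GNASH_COOKIES_IN")` is streamed straight into `saLauncher`, but it returns a null pointer when the variable is unset, and inserting a null `const char*` into an ostream is undefined behaviour. The variable can be unset when `setupCookies` took its new early return on a failed sink or never ran. Fetch it first with `const char* cookies = std::getenv("GNASH_COOKIES_IN");` and emit the `export GNASH_COOKIES_IN=` line only `if (cookies)`. The value is also written unquoted into a shell script, so quoting it would be prudent, because the environment is not guaranteed to hold only the `mkstemps`-generated name. The function body continues outside this hunk.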
@@ -1003,6 +1017,7 @@ create_standalone_launcher(const std::string& page_url, const std::string& swf_u
                << std::endl;
 
     saLauncher.close();
+    fdsink.close();
 #endif
 }
 
@@ -1102,11 +1117,14 @@ nsPluginInstance::setupCookies(const std::string& pageurl)
     }
 
     gnash::log_debug("The Cookie for %s is %s", url, ncookie);
-    std::ofstream cookiefile;
-    std::stringstream ss;
-    ss << "/tmp/gnash-cookies." << getpid();
-
-    cookiefile.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
+    char cookiename[] = "/tmp/gnash-cookies.XXXXXX";
+    boost::iostreams::file_descriptor_sink fdsink = getfdsink(cookiename);
+    if (fdsink.handle() == -1) {
+        gnash::log_error("Failed to create sink: %s", cookiename);
+        return;
+    }
+    boost::iostreams::stream<boost::iostreams::file_descriptor_sink>
+        cookiefile (fdsink);
 
     // Firefox provides cookies in the following format:
     //
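Review bot: Each call to `setupCookies` now creates a fresh randomly named file from `/tmp/gnash-cookies.XXXXXX`, and nothing in the visible lines removes it. The old per-pid name was reopened with `std::ios::trunc`, so one plugin process reused a single file. Unless cleanup happens elsewhere, which cannot be seen from this hunk, files holding session cookies will accumulate in /tmp for the lifetime of the system. Consider remembering the previous `cookiename` and calling `unlink()` on it before creating a new one and at instance shutdown. The new early `return` on a failed sink also leaves `GNASH_COOKIES_IN` at whatever value it had before, which the standalone launcher then copies.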
@@ -1127,8 +1144,9 @@ nsPluginInstance::setupCookies(const std::string& pageurl)
     }
  
     cookiefile.close();
+    fdsink.close();
   
-    if (setenv("GNASH_COOKIES_IN", ss.str().c_str(), 1) < 0) {
+    if (setenv("GNASH_COOKIES_IN", cookiename, 1) < 0) {
         gnash::log_error(
             "Couldn't set environment variable GNASH_COOKIES_IN to %s",
             ncookie);
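Review bot: The `setenv` failure message passes `ncookie` for the `%s` that describes the value being set, so the log would show the cookie contents instead of the file name. The commit already touches the `setenv` line; the argument should become `cookiename`, which both fixes the message and keeps cookie data out of the error log. On this failure path the temporary file just written also stays on disk with no consumer, so removing it there would be reasonable. The rest of the function is outside the hunk.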
--
cgit v0.9.0.2