Blame rpm-4.12.0.x-CVE-2013-6435.patch
|
Lubos Kardos |
2474ac |
--- rpm-4.12.0.1/lib/fsm.c.orig 2014-12-12 16:05:51.683430313 +0100
|
|
Lubos Kardos |
2474ac |
+++ rpm-4.12.0.1/lib/fsm.c 2014-12-12 16:08:28.046025597 +0100
|
|
Lubos Kardos |
2474ac |
@@ -215,7 +215,12 @@ static int expandRegular(rpmfi fi, const
|
|
Lubos Kardos |
2474ac |
FD_t wfd = NULL;
|
|
Lubos Kardos |
2474ac |
int rc = 0;
|
|
Lubos Kardos |
2474ac |
|
|
Lubos Kardos |
2474ac |
- wfd = Fopen(dest, "w.ufdio");
|
|
Lubos Kardos |
2474ac |
+ /* Create the file with 000 permissions. */
|
|
Lubos Kardos |
2474ac |
+ {
|
|
Lubos Kardos |
2474ac |
+ mode_t old_umask = umask(0777);
|
|
Lubos Kardos |
2474ac |
+ wfd = Fopen(dest, "w.ufdio");
|
|
Lubos Kardos |
2474ac |
+ umask(old_umask);
|
|
Lubos Kardos |
2474ac |
+ }
|
|
Lubos Kardos |
2474ac |
if (Ferror(wfd)) {
|
|
Lubos Kardos |
2474ac |
rc = RPMERR_OPEN_FAILED;
|
|
Lubos Kardos |
2474ac |
goto exit;
|