[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#21913: sed/utils.c temporary file handling code review

From: Stanislav Brabec
Subject: bug#21913: sed/utils.c temporary file handling code review
Date: Wed, 18 Nov 2015 19:09:15 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Stanislav Brabec wrote:
> While trying to reproduce an obscure crash with temporary file experiencing
> file system error, I looked deeper into sed/utils.c. I found several strange
> things.
Here is a detailed regression map:

commit 9c9919efe2166efd32409054005619062624226c (initial import in 2004)
imported the broken code vulnerable to double fclose() issue and leaving
orphan temporary files in some situations.

commit 9c9919efe2166efd32409054005619062624226c in 2004 introduced the
register_open_file() temporary file bug. No side effects yet.

commit 3a8e165ab02487c372df217c1989e287625ce0ae in 2006 started to really use
broken register_open_file() in ck_mkstemp() with third argument "true". It
caused a regression: keeping orphan files after even more errors than before,
but the regression hides the double fclose() vulnerability.

commit 768901548e280726f160a1da4434f3fde8f9921a in 2015 introduced
register_cleanup_file() that re-implements broken temporary removal feature
of register_open_file(). This change hides the register_open_file() temporary
file bug.

Both mentioned bugs are now present in the code, but probably cannot be

Best Regards / S pozdravem,

Stanislav Brabec
software developer
SUSE LINUX, s. r. o.                         e-mail: address@hidden
Lihovarsk√° 1060/12                            tel: +49 911 7405384547
190 00 Praha 9                                 fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76

reply via email to

[Prev in Thread] Current Thread [Next in Thread]