|
From: | Gabriele Giacone |
Subject: | [Gnash-commit] [bug #34903] CVE-2011-4328: gnash creates world-readable cookies under /tmp with predictable filenames |
Date: | Thu, 01 Dec 2011 01:47:15 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0 Iceweasel/8.0 |
Follow-up Comment #8, bug #34903 (project gnash): > A "%s" is missing in the format string. Fixed. > When does the fd get closed? Changed never_close_handle to close_handle. fd will be closed when sink will be. > What happens if mkstemps fails? Boost doesn't appear to document what happens if an invalid fd is passed. Added some checks. Quite sure code duplication can be avoided better. cookiefile branch at git://github.com/gg0/gnash.git _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?34903> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |