aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Belkin <abc@telekom.ru>2016-11-06 22:28:03 +0300
committerAlex Belkin <abc@telekom.ru>2016-11-06 22:55:58 +0300
commit69a008830b84437701022cbd96a8863ac61d3ddf (patch)
treebb6fbf44c090272502bd10d1300d16f3969efa25
parent226c2b9deb2f4f4b1d7c51ad4bb83d181e5e31b5 (diff)
Pre-create temporary file for Jpeg scanning.
Jpeg mode (as submitted by Samsung developer) uses temporary file with fixed name. This opens attacks on reading its content or overwriting any other user-writable file (with symlink). This change pre-creates temporary file with O_CREAT|O_EXCL and mode 0600. Assuming usual +t permissions for tmp this should mitigate issue.
-rw-r--r--backend/xerox_mfp.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/backend/xerox_mfp.c b/backend/xerox_mfp.c
index ccd14b3..8b8c895 100644
--- a/backend/xerox_mfp.c
+++ b/backend/xerox_mfp.c
@@ -1481,7 +1481,17 @@ sane_start(SANE_Handle h)
if (isSupportedDevice(dev) &&
dev->composition == MODE_RGB24) {
+ int fd;
remove(encTmpFileName);
+
+ /* Precreate temporary file in exclusive mode. */
+ fd = open(encTmpFileName, O_CREAT|O_EXCL, 0600);
+ if (fd == -1) {
+ DBG(3, "%s: %p, can't create temporary file %s: %s\n", __func__,
+ (void *)dev, encTmpFileName, strerror(errno));
+ return ret_cancel(dev, SANE_STATUS_ACCESS_DENIED);
+ }
+ close(fd);
}
dev->currentDecDataIndex = 0;