Ignore:
Timestamp:
Sep 23, 2007, 2:41:29 AM (12 years ago)
Author:
Bruno Cornec
Message:

Apply patch from Andree Leidenfrost, modified a bit to use bkpinfo->tmpdir instead of /tmp
or MINDI_CACHE when appropriate. Fix security issues in mondo
Thanks al ot Andree for catching all those issues.
Will not compile needs more work as bkpinfo->tmpdir isn't available everywhere
Should become a global in 3.x when only containing pointers.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.2.5/mondo/src/common/libmondo-fork.c

    r1316 r1644  
    339339        log_if_failure = TRUE;
    340340    }
    341     sprintf(callstr,
    342             "%s > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err",
    343             program);
     341    sprintf(callstr, "%s > %s/mondo-run-prog-thing.tmp 2> %s/mondo-run-prog-thing.err",
     342             program, bkpinfo->tmpdir, bkpinfo->tmpdir);
    344343    while ((p = strchr(callstr, '\r'))) {
    345344        *p = ' ';
     
    368367                "--------------------------------start of output-----------------------------");
    369368    }
    370     if (log_if_failure
    371         &&
    372         system
    373         ("cat /tmp/mondo-run-prog-thing.err >> /tmp/mondo-run-prog-thing.tmp 2> /dev/null"))
    374     {
     369    sprintf(callstr, "cat %s/mondo-run-prog-thing.err >> %s/mondo-run-prog-thing.tmp 2> /dev/null", bkpinfo->tmpdir, bkpinfo->tmpdir);
     370    if (log_if_failure && system(callstr)) {
    375371        log_OS_error("Command failed");
    376372    }
    377     unlink("/tmp/mondo-run-prog-thing.err");
    378     fin = fopen("/tmp/mondo-run-prog-thing.tmp", "r");
     373    sprintf(tmp, "%s/mondo-run-prog-thing.err", bkpinfo->tmpdir);
     374    unlink(tmp);
     375    sprintf(tmp, "%s/mondo-run-prog-thing.tmp", bkpinfo->tmpdir);
     376    fin = fopen(tmp, "r");
    379377    if (fin) {
    380378        for (fgets(incoming, MAX_STR_LEN, fin); !feof(fin);
     
    397395        paranoid_fclose(fin);
    398396    }
    399     unlink("/tmp/mondo-run-prog-thing.tmp");
     397    unlink(tmp);
    400398    if ((res == 0 && log_if_success) || (res != 0 && log_if_failure)) {
    401399        log_msg(0,
     
    441439    assert_string_is_neither_NULL_nor_zerolength(basic_call);
    442440
    443     sprintf(lockfile, "/tmp/mojo-jojo.blah.XXXXXX");
    444     mkstemp(lockfile);
     441    sprintf(lockfile, "%s/mojo-jojo.bla.bla", bkpinfo->tmpdir);
     442
    445443    sprintf(command,
    446444            "echo hi > %s ; %s >> %s 2>> %s; res=$?; sleep 1; rm -f %s; exit $res",
     
    514512    char *tmp;
    515513    char *buf;
     514    char filestr[MAX_STR_LEN];
    516515    long int bytes_to_be_read, bytes_read_in, bytes_written_out =
    517516        0, bufcap, subsliceno = 0;
     
    614613            log_msg(5, "tmpB is %s", tmp);
    615614            if (!strstr(tmp, PIMP_END_SZ)) {
    616                 ftmp = fopen("/tmp/out.leftover", "w");
     615                sprintf(filestr, "%s/out.leftover", bkpinfo->tmpdir);
     616                ftmp = fopen(filestr, "w");
    617617                bytes_read_in = fread(tmp, 1, 64, fin);
    618618                log_msg(1, "bytes_read_in = %ld", bytes_read_in);
     
    693693
    694694    strcpy(title, tt);
    695     strcpy(tempfile,
    696            call_program_and_get_last_line_of_output
    697            ("mktemp -q /tmp/mondo.XXXXXXXX"));
     695    sprintf(tempfile, "%s/mondo.binperc", bkpinfo->tmpdir);
    698696    sprintf(command, "%s >> %s 2>> %s; rm -f %s", cmd, tempfile, tempfile,
    699697            tempfile);
Note: See TracChangeset for help on using the changeset viewer.