Changeset 1644 in MondoRescue for branches/2.2.5/mondo/src/common/libmondo-verify.c

Timestamp:

Sep 23, 2007, 2:41:29 AM (17 years ago)

Author:

Bruno Cornec

Message:

Apply patch from Andree Leidenfrost, modified a bit to use bkpinfo->tmpdir instead of /tmp
or MINDI_CACHE when appropriate. Fix security issues in mondo
Thanks al ot Andree for catching all those issues.
Will not compile needs more work as bkpinfo->tmpdir isn't available everywhere
Should become a global in 3.x when only containing pointers.

File:

• branches/2.2.5/mondo/src/common/libmondo-verify.c (modified) (4 diffs)

branches/2.2.5/mondo/src/common/libmondo-verify.c

@@ -395 +395 @@
                             bkpinfo->restore_path,
                             biggiestruct.filename);
-                asprintf(&tmp, "echo \"%s/%s not found\" >> /tmp/biggies.changed",
+                asprintf(&tmp, "echo \"%s/%s not found\" >> %s/biggies.changed",
                             bkpinfo->restore_path,
-                            biggiestruct.filename);
+                            biggiestruct.filename,
+                            bkpinfo->tmpdir);
                 system(tmp);
                 paranoid_free(tmp);
@@ -786 +787 @@
                     biggie_fname);
             log_to_screen(tmp);
-            sprintf(tmp, "echo \"%s\" >> /tmp/biggies.changed",
-                    biggie_fname);
+            sprintf(tmp, "echo \"%s\" >> %s/biggies.changed",
+                    biggie_fname, bkpinfo->tmpdir);
             system(tmp);
         }
@@ -1181 +1182 @@
 /* close tape; exit */
 //  fclose(g_tape_stream); <-- not needed; is handled by closein_tape()
-    paranoid_system
-        ("rm -f /tmp/biggies.changed /tmp/changed.files.[0-9]* 2> /dev/null");
-    sprintf(changed_files_fname, "/tmp/changed.files.%d",
-            (int) (random() % 32767));
+    sprintf(tmp, "rm -f %s/biggies.changed %s/changed.files 2> /dev/null", bkpinfo->tmpdir, bkpinfo->tmpdir);
+    paranoid_system(tmp);
+    sprintf(changed_files_fname, "%s/changed.files", bkpinfo->tmpdir);
     sprintf(tmp,
             "grep -E '^%s:.*$' %s | cut -d'\"' -f2 | sort -u | awk '{print \"/\"$0;};' | tr -s '/' '/' | grep -v \"(total of\" | grep -v \"incheckentry.*xwait\" | grep -vE '^/afio:.*$' | grep -vE '^dev/.*$'  > %s",
@@ -1201 +1201 @@
         }
     }
-    sprintf(tmp, "cat /tmp/biggies.changed >> %s", changed_files_fname);
+    sprintf(tmp, "cat %s/biggies.changed >> %s", bkpinfo->tmpdir, changed_files_fname);
     paranoid_system(tmp);
 
     diffs = count_lines_in_file(changed_files_fname);
     if (diffs > 0) {
-        sprintf(tmp, "cp -f %s %s", changed_files_fname,
-                "/tmp/changed.files");
+        sprintf(tmp, "cp -f %s %s/changed.files", changed_files_fname,
+                MINDI_CACHE);
         run_program_and_log_output(tmp, FALSE);
         sprintf(tmp,
-                "%ld files differed from live filesystem; type less %s or less %s to see",
-                diffs, changed_files_fname, "/tmp/changed.files");
+                "%ld files differed from live filesystem; type less %s or less %s/changed.files to see",
+                diffs, changed_files_fname, MINDI_CACHE);
         log_msg(0, tmp);
-        log_to_screen
-            ("See /tmp/changed.files for a list of nonmatching files.");
-        log_to_screen
-            ("The files probably changed on filesystem, not on backup media.");
+        log_to_screen("See "MINDI_CACHE"/changed.files for a list of nonmatching files.");
+        log_to_screen("The files probably changed on filesystem, not on backup media.");
         //      retval++;
     }