openkylin
/
kylin-nm
mirror of https://gitee.com/openkylin/kylin-nm.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

add patch fix-security-issue-predictable-filenames-with-system and upload 3.0.3.1-2 to debian

This commit is contained in:
handsome_feng 2024-05-21 16:55:32 +08:00
parent 1534ab472a
commit e1e8ca91b9
3 changed files with 93 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
debian/changelog vendored
View File

@ -1,3 +1,10 @@
kylin-nm (3.0.3.1-2) unstable; urgency=medium
* Add patch: fix-security-issue-predictable-filenames-with-system.
(Closes: #1070113)
-- handsome_feng <jianfengli@ubuntukylin.com> Tue, 21 May 2024 16:53:40 +0800
kylin-nm (3.0.3.1-1) unstable; urgency=medium kylin-nm (3.0.3.1-1) unstable; urgency=medium
* Fix implicit declaration of function. (Closes: #1066555) * Fix implicit declaration of function. (Closes: #1066555)

85
debian/patches/fix-security-issue-predictable-filenames-with-system vendored Normal file
View File

@ -0,0 +1,85 @@
Index: kylin-nm/src/kylin-network-interface.c
===================================================================
--- kylin-nm.orig/src/kylin-network-interface.c
+++ kylin-nm/src/kylin-network-interface.c
@@ -32,6 +32,8 @@
#include <fcntl.h>
#include <sys/syslog.h>
#include <pwd.h>
+#include <sys/wait.h>
+#include <errno.h>
//获取网络接口名
ifname *kylin_network_get_ifacename()
@@ -194,19 +196,43 @@ activecon *kylin_network_get_activecon_i
struct passwd *pwd;
pwd = getpwuid(getuid());
char *name = pwd->pw_name;
- char *tmpPrefix = "/tmp/kylin-nm-activecon-";
- char *chr = "nmcli connection show -active > ";
+ char tmpTemplate[] = "/tmp/kylin-nm-activecon-XXXXXX";
+ int fd = mkstemp(tmpTemplate);
+ if (fd == -1) {
+ syslog(LOG_ERR, "mkstemp() failed in kylin_network_get_activecon_info: %s", strerror(errno));
+ return NULL;
+ }
- char *cmd;
- asprintf(&cmd, "%s%s%s", chr, tmpPrefix, name);
- char *path;
- asprintf(&path, "%s%s", tmpPrefix, name);
- int status = system(cmd);
- if (status != 0)
- syslog(LOG_ERR, "execute 'nmcli connection show -active' in function 'kylin_network_get_activecon_info' failed");
- free(cmd);
+ pid_t pid = fork();
+ if (pid == -1) {
+ syslog(LOG_ERR, "fork() in kylin_network_get_activecon_info failed");
+ close(fd);
+ unlink(tmpTemplate);
+ return NULL;
+ } else if (pid == 0) {
+ //Child process
+ dup2(fd, STDOUT_FILENO);
+ close(fd);
+
+ execlp("nmcli", "nmcli", "connection", "show", "--active",(char *)NULL);
+
+ // If execlp() fails
+ syslog(LOG_ERR, "execlp() failed");
+ _exit(EXIT_FAILURE);
+ } else {
+ // Parent process
+ int status;
+ waitpid(pid, &status, 0);
+ if (status !=0 ) {
+ syslog(LOG_ERR, "execute 'nmcli connection show --active' in 'kylin_network_get_activecon_info' failed");
+ close(fd);
+ unlink(tmpTemplate);
+ return NULL;
+ }
+ close(fd);
+ }
- char *filename = path;
+ char *filename = strdup(tmpTemplate);
FILE *activefp;
int activenum=0;
@@ -233,7 +259,6 @@ activecon *kylin_network_get_activecon_i
printf("error!");
}
- free(path);
fgets(StrLine,1024,fp);
while(!feof(fp))
@@ -325,6 +350,8 @@ activecon *kylin_network_get_activecon_i
}
fclose(fp);
+ unlink(tmpTemplate);
+
activelist[count].con_name=NULL;
activelist[count].type=NULL;
activelist[count].dev=NULL;

1
debian/patches/series vendored Normal file
View File

@ -0,0 +1 @@
fix-security-issue-predictable-filenames-with-system