Add patch, fix security issue that predictable filenames with system
This commit is contained in:
xibowen
parent
7a9f0c4d61
commit
d9352d600a
|
|
@ -0,0 +1,87 @@
|
||||||
|
diff --git a/KylinNM/src/kylin-network-interface.c b/KylinNM/src/kylin-network-interface.c
|
||||||
|
index eed3a86..f827ce9 100644
|
||||||
|
--- a/KylinNM/src/kylin-network-interface.c
|
||||||
|
+++ b/KylinNM/src/kylin-network-interface.c
|
||||||
|
@@ -32,7 +32,8 @@
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <sys/syslog.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
-
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
|
||||||
|
//获取网络接口名
|
||||||
|
ifname *kylin_network_get_ifacename()
|
||||||
|
@@ -195,20 +196,43 @@ activecon *kylin_network_get_activecon_info()
|
||||||
|
struct passwd *pwd;
|
||||||
|
pwd = getpwuid(getuid());
|
||||||
|
char *name = pwd->pw_name;
|
||||||
|
- char *tmpPrefix = "/tmp/kylin-nm-activecon-";
|
||||||
|
- char *chr = "nmcli connection show -active > ";
|
||||||
|
+ char tmpTemplate[] = "/tmp/kylin-nm-activecon-XXXXXX";
|
||||||
|
+ int fd = mkstemp(tmpTemplate);
|
||||||
|
+ if (fd == -1) {
|
||||||
|
+ syslog(LOG_ERR, "mkstemp() failed in kylin_network_get_activecon_info: %s", strerror(errno));
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- char *cmd;
|
||||||
|
- asprintf(&cmd, "%s%s%s", chr, tmpPrefix, name);
|
||||||
|
- char *path;
|
||||||
|
- asprintf(&path, "%s%s", tmpPrefix, name);
|
||||||
|
- int status = system(cmd);
|
||||||
|
- //int status = system("nmcli connection show -active > /tmp/activecon.txt");
|
||||||
|
- if (status != 0)
|
||||||
|
- syslog(LOG_ERR, "execute 'nmcli connection show -active' in function 'kylin_network_get_activecon_info' failed");
|
||||||
|
- free(cmd);
|
||||||
|
+ pid_t pid = fork();
|
||||||
|
+ if (pid == -1) {
|
||||||
|
+ syslog(LOG_ERR, "fork() in kylin_network_get_activecon_info failed");
|
||||||
|
+ close(fd);
|
||||||
|
+ unlink(tmpTemplate);
|
||||||
|
+ return NULL;
|
||||||
|
+ } else if (pid == 0) {
|
||||||
|
+ //Child process
|
||||||
|
+ dup2(fd, STDOUT_FILENO);
|
||||||
|
+ close(fd);
|
||||||
|
|
||||||
|
- char *filename = path;
|
||||||
|
+ execlp("nmcli", "nmcli", "connection", "show", "--active",(char *)NULL);
|
||||||
|
+
|
||||||
|
+ // If execlp() fails
|
||||||
|
+ syslog(LOG_ERR, "execlp() failed");
|
||||||
|
+ _exit(EXIT_FAILURE);
|
||||||
|
+ } else {
|
||||||
|
+ // Parent process
|
||||||
|
+ int status;
|
||||||
|
+ waitpid(pid, &status, 0);
|
||||||
|
+ if (status !=0 ) {
|
||||||
|
+ syslog(LOG_ERR, "execute 'nmcli connection show --active' in 'kylin_network_get_activecon_info' failed");
|
||||||
|
+ close(fd);
|
||||||
|
+ unlink(tmpTemplate);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ close(fd);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ char *filename = strdup(tmpTemplate);
|
||||||
|
|
||||||
|
FILE *activefp;
|
||||||
|
int activenum=0;
|
||||||
|
@@ -235,7 +259,6 @@ activecon *kylin_network_get_activecon_info()
|
||||||
|
printf("error!");
|
||||||
|
|
||||||
|
}
|
||||||
|
- free(path);
|
||||||
|
|
||||||
|
fgets(StrLine,1024,fp);
|
||||||
|
while(!feof(fp))
|
||||||
|
@@ -327,6 +350,8 @@ activecon *kylin_network_get_activecon_info()
|
||||||
|
}
|
||||||
|
fclose(fp);
|
||||||
|
|
||||||
|
+ unlink(tmpTemplate);
|
||||||
|
+
|
||||||
|
activelist[count].con_name=NULL;
|
||||||
|
activelist[count].type=NULL;
|
||||||
|
activelist[count].dev=NULL;
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
fix-security-issue-predictable-filenames-with-system
|
||||||
Loading…
Reference in New Issue