Branch: r14.0.x

49e5417d 2015-12-10 13:42:38 Slávek Banko
Fix security issue CVE-2015-7543
[taken from Debian arts patches]
(cherry picked from commit bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed)
M mcop/mcoputils.cc
diff --git a/mcop/mcoputils.cc b/mcop/mcoputils.cc
index 790927f..52eb78f 100644
--- a/mcop/mcoputils.cc
+++ b/mcop/mcoputils.cc
@@ -307,7 +307,8 @@
      unlink(kde_tmp_dir.c_str());
      user_tmp_dir += "XXXXXX";
      tmp_buf = strdup(user_tmp_dir.c_str());
-     mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+     if (mkdtemp(tmp_buf) == NULL)
+	 return 1;
      result = create_link(kde_tmp_dir.c_str(), tmp_buf);
      free(tmp_buf);
      return result;
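Review bot: The early return added in `if (mkdtemp(tmp_buf) == NULL) return 1;` skips the `free(tmp_buf)` two lines below, so the `strdup`'d buffer leaks whenever directory creation fails; the hunks at -347 and -358 have the same problem. Free it on the failure path, e.g. `if (mkdtemp(tmp_buf) == NULL) { free(tmp_buf); return 1; }`. The `strdup` result is also passed to `mkdtemp` without a NULL check, so an allocation failure would be dereferenced there; a `if (tmp_buf == NULL) return 1;` guard before the call covers it. The replaced line's comment is gone, so a short one such as `/* mkdtemp atomically creates the directory with mode 0700; mktemp only produced a guessable name */` would record why this call must not be reverted. The enclosing function starts and ends outside the hunk, so whether 1 is the failure value its callers expect cannot be confirmed from here.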
@@ -347,7 +348,8 @@
      unlink(kde_tmp_dir.c_str());
      user_tmp_dir += "XXXXXX";
      tmp_buf = strdup(user_tmp_dir.c_str());
-     mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+     if (mkdtemp(tmp_buf) == NULL)
+	 return 1;
      result = create_link(kde_tmp_dir.c_str(), tmp_buf);
      free(tmp_buf);
      return result;
@@ -358,7 +360,8 @@
   unlink(kde_tmp_dir.c_str());
   user_tmp_dir += "XXXXXX";
   tmp_buf = strdup(user_tmp_dir.c_str());
-  mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+  if (mkdtemp(tmp_buf) == NULL)
+      return 1;
   result = create_link(kde_tmp_dir.c_str(), tmp_buf);
   free(tmp_buf);
   return result;