1 |
luigiwalser |
399969 |
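--- a/hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp
+++ b/hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp
@@ -637,19 +637,22 @@ int HPCupsFilter::processRasterData(cups
 {
 char szFileName[32];
 memset(szFileName, 0, sizeof(szFileName));
- snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
 cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
 {
- cfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd = mkstemp (szFileName);
+ if (fd != -1)
+ cfp = fdopen (fd, "w");
 }
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
 cups_header.cupsColorSpace == CUPS_CSPACE_K)
 {
- szFileName[17] = 'k';
- kfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd;
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ kfp = fdopen (fd, "w");
 }
 dbglog("9......\n");
 WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);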
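Review bot: `char szFileName[32]` is too small for the template this CVE-2013-0200 fix introduces once `current_page_number` reaches 10: "/tmp/hpcupsfilterc_%d.bmp.XXXXXX" already needs 31 characters with a one-digit page, so `snprintf` cuts into the trailing `XXXXXX` for any larger number and `mkstemp` then fails with EINVAL. In that case `cfp` and `kfp` are not assigned by these branches, while `WriteBMPHeader (cfp, ...)` is still called in the context line below; whether it tolerates a null or stale pointer is not visible here. Enlarging the buffer, e.g. `char szFileName[64];`, keeps the template intact for every page number. The body of processRasterData starts before and continues after the hunk.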
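--- a/hplip-3.12.4/prnt/hpcups/SystemServices.cpp
+++ b/hplip-3.12.4/prnt/hpcups/SystemServices.cpp
@@ -36,10 +36,12 @@ SystemServices::SystemServices(int iLogL
 m_fp = NULL;
 if (iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char fname[32];
- sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
- m_fp = fopen(fname, "w");
- chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
+ fd = mkstemp (fname);
+ if (fd != -1)
+ m_fp = fdopen(fd, "w");
 }
 }
 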
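Review bot: Appending `.XXXXXX` leaves `char fname[32]` room for only five digits of `job_id`, and the unbounded `sprintf` writes past the end of the buffer for a job id of 100000 or more, which the shorter old template did not. Use a larger buffer and a bounded call: `char fname[64];` and `snprintf(fname, sizeof(fname), "/tmp/hpcups_job%d.out.XXXXXX", job_id);`. The same unbounded `sprintf` into a fixed buffer is kept in hpijs.cpp (32 bytes, which fits a pid of up to nine digits) and in hppsfilter.c, where `FILE_NAME_SIZE` and `DBG_PSFILE` are defined outside the patch and the length of the `szjob_id` string is not checked. The constructor starts outside the hunk.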
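--- a/hplip-3.12.4/prnt/hpijs/hpijs.cpp
+++ b/hplip-3.12.4/prnt/hpijs/hpijs.cpp
@@ -96,13 +96,12 @@ void setLogLevel(UXServices *pSS)
 
 if (pSS->m_iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char szFileName[32];
- sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
- pSS->outfp = fopen (szFileName, "w");
- if (pSS->outfp)
- {
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- }
+ sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ pSS->outfp = fdopen (fd, "w");
 }
 }
 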
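Review bot: When `fdopen` fails, the descriptor returned by `mkstemp` is never closed and the freshly created file stays in /tmp with nothing logged; the new `if (fd != -1)` only covers a failed `mkstemp`. Closing the descriptor on that path would be enough, e.g. `if (fd != -1 && (pSS->outfp = fdopen (fd, "w")) == NULL) close (fd);`. The `fdopen` calls added in HPCupsFilter.cpp, SystemServices.cpp and hppsfilter.c have the same gap. setLogLevel's body starts outside the hunk.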
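--- a/hplip-3.12.4/prnt/hpps/hppsfilter.c
+++ b/hplip-3.12.4/prnt/hpps/hppsfilter.c
@@ -92,10 +92,12 @@ void open_dbg_outfile(char* szjob_id)
 g_fp_outdbgps = NULL;
 if (g_savepsfile & SAVE_PS_FILE)
 {
+ int fd;
 char sfile_name[FILE_NAME_SIZE] = {0};
- sprintf(sfile_name, DBG_PSFILE, szjob_id);
- g_fp_outdbgps= fopen(sfile_name, "w");
- chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(sfile_name, DBG_PSFILE ".XXXXXX", szjob_id);
+ fd = mkstemp (sfile_name);
+ if (fd != -1)
+ g_fp_outdbgps = fdopen(fd, "w");
 }
 }
 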