Diffstat (limited to 'net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch')
-rw-r--r--net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch58
1 files changed, 58 insertions, 0 deletions
diff --git a/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch b/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch
new file mode 100644
index 000000000000..99a958aa701f
--- /dev/null
+++ b/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch
@@ -0,0 +1,58 @@
+From 545db8cd292957158bf3fa1c1c370e4be83c6688 Mon Sep 17 00:00:00 2001
+From: Robert Buchholz <rbu@goodpoint.de>
+Date: Tue, 6 Jan 2009 23:26:00 +0100
+Subject: [PATCH] Use mktemp instead of relying that $$-$RANDOM-$RANDOM does not exist.
+
+References:
+* CVE-2008-4953
+* https://bugs.gentoo.org/246013
+---
+ firehol.sh | 25 +++++++++----------------
+ 1 files changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/firehol.sh b/firehol.sh
+index 6acb497..f5dba16 100755
+--- a/firehol.sh
++++ b/firehol.sh
+@@ -238,8 +238,15 @@ ${IPTABLES_CMD} -nxvL >/dev/null 2>&1
+ # ----------------------------------------------------------------------
+ # Directories and files
+
+-# These files will be created and deleted during our run.
+-FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}"
++# Create an empty temporary directory we need for this run.
++if ! FIREHOL_DIR="`mktemp -d -t .firehol-tmp-XXXXXX`"
++then
++ echo >&2
++ echo >&2
++ echo >&2 "Cannot create temporary directory."
++ echo >&2
++ exit 1
++fi
+ FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains"
+ FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh"
+ FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh"
+@@ -329,20 +336,6 @@ then
+ "${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services"
+ fi
+
+-# Remove any old directories that might be there.
+-if [ -d "${FIREHOL_DIR}" ]
+-then
+- "${RM_CMD}" -rf "${FIREHOL_DIR}"
+- if [ $? -ne 0 -o -e "${FIREHOL_DIR}" ]
+- then
+- echo >&2
+- echo >&2
+- echo >&2 "Cannot clean temporary directory '${FIREHOL_DIR}'."
+- echo >&2
+- exit 1
+- fi
+-fi
+-"${MKDIR_CMD}" "${FIREHOL_DIR}" || exit 1
+ "${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}" || exit 1
+
+ # prepare the file that will hold all modules to be loaded.
+--
+1.6.0.4
+
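Review bot: The `mktemp -d -t .firehol-tmp-XXXXXX` call added in the firehol.sh hunk at -238 is invoked by bare name and resolved through PATH, while the rest of the script runs its tools through variables (`"${MKDIR_CMD}"` and `"${CHMOD_CMD}"` are visible in the hunk at -329). If those variables exist to pin the commands a root-run script executes, mktemp should be resolved the same way; their definitions are outside this patch, so that needs confirming. The directory is also now created roughly ninety lines earlier than the removed `"${MKDIR_CMD}" "${FIREHOL_DIR}"`, so an exit between the two points would leave an empty directory behind unless the script already installs a cleanup handler, which is not visible here. The new comment could also record the property the fix depends on, for example `# mktemp -d atomically creates a new, uniquely named directory; an existing path is never reused.`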