tmpfile security hole
Eric Blake
ebb9@byu.net
Thu May 17 12:53:00 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Charles Wilson on 5/16/2007 10:40 PM:
> So, I'm trying to knock together this libtool patch for Steve, and I
> update newlib to latest.
>
> Boom, on i686-pc-linux-gnu:
>
> ../../../../../src/newlib/libc/stdio/tmpfile.c: In function '_tmpfile_r':
> ../../../../../src/newlib/libc/stdio/tmpfile.c:73: error: 'S_IRUSR'
> undeclared (first use in this function)
Indeed. fopen merely called open with a raw octal number, instead of
going through the S_* constants; this violates the current revision of
POSIX, where the S_* are permitted to have non-traditional values.
However, there is a move towards mandating S_IRUSR and friends have the
traditional values for the next revision of POSIX, because of the large
existing code base that fails to use S_*.
At any rate, I'm checking in your patch as obvious.
>
> 2007-05-17 Charles Wilson <...>
>
> * stdio/tmpfile.c: include <sys/stat.h>
> * stdio64/tmpfile64.c: ditto
>
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTEa384KuGfSFAYARAg6cAJ43DaHvWtWPbvj97aPebDNnQmRVcQCdH718
LVeFbTohP93QatlXNIPYG6Q=
=Dd2h
-----END PGP SIGNATURE-----
More information about the Newlib
mailing list