Commit 38186d67 authored by Gerd Moellmann's avatar Gerd Moellmann
Browse files

Avoid security hole allowing attacker to

cause user of rcs2log to overwrite arbitrary files, fixing
a bug reported by Morten Welinder.

Don't put "exit 1" at the end of the exit trap; it's
ineffective in POSIX shells.
parent 04212fcb
......@@ -28,7 +28,7 @@ Options:
Report bugs to <bug-gnu-emacs@gnu.org>.'
Id='$Id: rcs2log,v 1.44 1998/08/12 14:22:14 eggert Exp eggert $'
Id='$Id: rcs2log,v 1.46 2001/01/02 18:50:14 eggert Exp $'
# Copyright 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
......@@ -300,10 +300,12 @@ case $# in
esac
esac
llogout=$TMPDIR/rcs2log$$l
rlogout=$TMPDIR/rcs2log$$r
logdir=$TMPDIR/rcs2log$$
llogout=$logdir/l
rlogout=$logdir/r
trap exit 1 2 13 15
trap "rm -f $llogout $rlogout; exit 1" 0
trap "rm -fr $logdir 2>/dev/null" 0
(umask 077 && exec mkdir $logdir) || exit
case $datearg in
?*) $rlog $rlog_options "$datearg" ${1+"$@"} >$rlogout;;
......@@ -670,7 +672,7 @@ $AWK '
# Exit successfully.
exec rm -f $llogout $rlogout
exec rm -fr $logdir
# Local Variables:
# tab-width:4
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment