mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-01-30 13:02:27 +01:00
3b5334bdbe
http://id3lib.sourceforge.net library for reading, writing, and manipulating ID3v1 and ID3v2 tags
56 lines
1.6 KiB
Diff
56 lines
1.6 KiB
Diff
This patch fixes an issues where temporary files were created in an insecure
|
|
way.
|
|
|
|
It was first intruduced in version 3.8.3-7 and fixes
|
|
http://bugs.debian.org/438540
|
|
--- a/src/tag_file.cpp
|
|
+++ b/src/tag_file.cpp
|
|
@@ -242,8 +242,8 @@
|
|
strcpy(sTempFile, filename.c_str());
|
|
strcat(sTempFile, sTmpSuffix.c_str());
|
|
|
|
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
- // This section is for Windows folk && gcc 3.x folk
|
|
+#if !defined(HAVE_MKSTEMP)
|
|
+ // This section is for Windows folk
|
|
fstream tmpOut;
|
|
createFile(sTempFile, tmpOut);
|
|
|
|
@@ -257,7 +257,7 @@
|
|
tmpOut.write((char *)tmpBuffer, nBytes);
|
|
}
|
|
|
|
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
+#else //!defined(HAVE_MKSTEMP)
|
|
|
|
// else we gotta make a temp file, copy the tag into it, copy the
|
|
// rest of the old file after the tag, delete the old file, rename
|
|
@@ -270,7 +270,7 @@
|
|
//ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
|
|
}
|
|
|
|
- ofstream tmpOut(fd);
|
|
+ ofstream tmpOut(sTempFile);
|
|
if (!tmpOut)
|
|
{
|
|
tmpOut.close();
|
|
@@ -285,14 +285,14 @@
|
|
uchar tmpBuffer[BUFSIZ];
|
|
while (file)
|
|
{
|
|
- file.read(tmpBuffer, BUFSIZ);
|
|
+ file.read((char *)tmpBuffer, BUFSIZ);
|
|
size_t nBytes = file.gcount();
|
|
- tmpOut.write(tmpBuffer, nBytes);
|
|
+ tmpOut.write((char *)tmpBuffer, nBytes);
|
|
}
|
|
|
|
close(fd); //closes the file
|
|
|
|
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
|
|
+#endif ////!defined(HAVE_MKSTEMP)
|
|
|
|
tmpOut.close();
|
|
file.close();
|
|
|