Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 829632 Details for
Bug 1031096
perl-HTTP-Tiny: error checking in mirror sub
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
[PATCH] Do not use already existing temporary files
-Do-not-use-already-existing-temporary-files.patch (text/plain), 1.43 KB, created by
Petr Pisar
on 2013-11-27 10:08:15 UTC
(
hide
)
Description:
[PATCH] Do not use already existing temporary files
Filename:
MIME Type:
Creator:
Petr Pisar
Created:
2013-11-27 10:08:15 UTC
Size:
1.43 KB
patch
obsolete
>From 22abca21379b81e53b2e2a714db5edb77864f52d Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> >Date: Wed, 27 Nov 2013 10:58:07 +0100 >Subject: [PATCH] Do not use already existing temporary files >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >mirror() method tries to create a new temporary file as can be >concluded by using random name. > >To prevent from from attacks, one has to make sure the file does not >exist. This patch creates temporary files with O_CREAT|O_EXCL mode. > >Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com> >--- > lib/HTTP/Tiny.pm | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm >index 5d494c0..cc2cc04 100644 >--- a/lib/HTTP/Tiny.pm >+++ b/lib/HTTP/Tiny.pm >@@ -6,6 +6,7 @@ use warnings; > # VERSION > > use Carp (); >+use Fcntl (); > > =method new > >@@ -206,8 +207,8 @@ sub mirror { > $args->{headers}{'if-modified-since'} ||= $self->_http_date($mtime); > } > my $tempfile = $file . int(rand(2**31)); >- open my $fh, ">", $tempfile >- or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/); >+ sysopen my $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY >+ or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/); > binmode $fh; > $args->{data_callback} = sub { > print {$fh} $_[0] >-- >1.8.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1031096
:
829631
| 829632