Subject: elm 2.4 Patch #25
Summary: This is an official patch for elm 2.4 system.  Please apply it.
Priority: HIGH

Changes as per CERT advisory for temporary file race condition.

Fix:    From rn, say "| patch -p -N -d DIR", where DIR is your elm source
       directory.  Outside of rn, say "cd DIR; patch -p -N <thisarticle".
       If you don't have the patch program, apply the following by hand,
       or get patch (version 2.0, latest patchlevel).

       After patching:
               make
               make install

       If patch indicates that patchlevel is the wrong version, you may need
       to apply one or more previous patches, or the patch may already
       have been applied.  See the patchlevel.h file to find out what has or
       has not been applied.  In any event, don't continue with the patch.

       If you are missing previous patches they can be obtained from our:
       archive server.

       Syd Weinstein
       [email protected]

       The patches are available from the dsinc archive server
       Send the following message to [email protected] for
       a list of available patches:

       Subject: patch list
       send index elm

Index: hdrs/patchlevel.h
Prereq: "24"
*** ../elm2.4.24//hdrs/patchlevel.h     Fri Sep 23 21:37:45 1994
--- hdrs/patchlevel.h   Sat Nov 11 20:43:26 1995
***************
*** 1 ****
! #define PATCHLEVEL "24"
--- 1 ----
! #define PATCHLEVEL "25"
Index: hdrs/defs.h
Prereq:  5.35
*** ../elm2.4.24//hdrs/defs.h   Thu Sep  1 15:42:39 1994
--- hdrs/defs.h Sat Nov 11 20:54:07 1995
***************
*** 195,203 ****


 # define VERSION      "2.4"                           /* Version number... */
! # define VERS_DATE    "October 1, 1992"               /* for elm -v option */
 # define WHAT_STRING  \
!       "@(#) Version 2.4, USENET supported version, released October 1, 1992"

 #if defined(__STDC__) || defined(_AIX)
 # define ANSI_C 1
--- 195,203 ----


 # define VERSION      "2.4"                           /* Version number... */
! # define VERS_DATE    "November 11, 1995"             /* for elm -v option */
 # define WHAT_STRING  \
!       "@(#) Version 2.4, USENET supported version, released November 11, 1995"

 #if defined(__STDC__) || defined(_AIX)
 # define ANSI_C 1
Index: src/mailmsg2.c
Prereq:  5.39
*** ../elm2.4.24//src/mailmsg2.c        Mon May 30 13:24:48 1994
--- src/mailmsg2.c      Sat Nov 11 21:18:19 1995
***************
*** 335,341 ****
       char *whole_msg_file, *tempnam();
       char filename[SLEN], fname[SLEN], copy_file[SLEN],
              very_long_buffer[VERY_LONG_STRING], mailerflags[NLEN];
!       int ch, sys_status, line_len;
       register int retransmit = FALSE;
       int      already_has_text = FALSE;              /* we need an ADDRESS */
       int      signature_done = FALSE;
--- 335,341 ----
       char *whole_msg_file, *tempnam();
       char filename[SLEN], fname[SLEN], copy_file[SLEN],
              very_long_buffer[VERY_LONG_STRING], mailerflags[NLEN];
!       int ch, sys_status, line_len, filename_handle;
       register int retransmit = FALSE;
       int      already_has_text = FALSE;              /* we need an ADDRESS */
       int      signature_done = FALSE;
***************
*** 362,368 ****
       /** if we're not retransmitting, create the file.. **/

       if (! retransmit)
!         if ((reply = fopen(filename,"w")) == NULL) {
           err = errno;
           dprint(1, (debugfile,
                "Attempt to write to temp file %s failed with error %s (mail)\n",
--- 362,371 ----
       /** if we're not retransmitting, create the file.. **/

       if (! retransmit)
!         {
!           unlink(filename); /* we don't care if it fails since the open() will catch it*/
!           if ( ( (filename_handle = open(filename, O_RDWR|O_CREAT|O_EXCL,0600)) == -1) ||
!              ( (reply = fdopen(filename_handle, "w")) == NULL) ) {
           err = errno;
           dprint(1, (debugfile,
                "Attempt to write to temp file %s failed with error %s (mail)\n",
***************
*** 378,383 ****
--- 381,388 ----
               filename, error_description(errno));
           return(need_redraw);
         }
+       }
+

       (void) elm_chown(filename, userid, groupid);

Index: src/newmbox.c
Prereq:  5.36
*** ../elm2.4.24//src/newmbox.c Sat May 14 14:42:59 1994
--- src/newmbox.c       Sat Nov 11 20:43:27 1995
***************
*** 407,412 ****
--- 407,413 ----
       **/

       FILE *temp;
+         int temp_handle;
       struct header_rec *current_header = NULL;
       char buffer[VERY_LONG_STRING], tbuffer[VERY_LONG_STRING], *c;
       long fbytes = 0L, line_bytes = 0L, content_start = 0L,
***************
*** 426,432 ****
       if (folder_type == SPOOL) {
         lock(INCOMING);       /* ensure no mail arrives while we do this! */
         if (! add_new_only) {
!           if (access(cur_tempfolder, ACCESS_EXISTS) != -1) {
             /* Hey!  What the hell is this?  The temp file already exists? */
             /* Looks like a potential clash of processes on the same file! */

--- 427,433 ----
       if (folder_type == SPOOL) {
         lock(INCOMING);       /* ensure no mail arrives while we do this! */
         if (! add_new_only) {
!           if ( (temp_handle = open(cur_tempfolder, O_RDWR|O_CREAT|O_EXCL)) == -1) {
             /* Hey!  What the hell is this?  The temp file already exists? */
             /* Looks like a potential clash of processes on the same file! */

***************
*** 441,447 ****
               "Ahhhh... I give up."));
             silently_exit();  /* leave without tampering with it! */
           }
!           if ((temp = fopen(cur_tempfolder,"w")) == NULL) {

            fflush (mailfile);

--- 442,448 ----
               "Ahhhh... I give up."));
             silently_exit();  /* leave without tampering with it! */
           }
!           if ((temp = fdopen(temp_handle,"w")) == NULL) {

            fflush (mailfile);

***************
*** 461,467 ****
          copyit++;
          (void) elm_chown(cur_tempfolder, userid, groupid);
          chmod(cur_tempfolder, 0700); /* shut off file for other people! */
!        }
        else {
          /*
           * Used to open this file for append, however with the new
--- 462,468 ----
          copyit++;
          (void) elm_chown(cur_tempfolder, userid, groupid);
          chmod(cur_tempfolder, 0700); /* shut off file for other people! */
!         }
        else {
          /*
           * Used to open this file for append, however with the new
Index: src/remail.c
Prereq:  5.13
*** ../elm2.4.24//src/remail.c  Sun Sep 26 21:52:07 1993
--- src/remail.c        Sat Nov 11 20:43:27 1995
***************
*** 110,115 ****
--- 110,116 ----
       /** remail a message... returns TRUE if new foot needed ... **/

       FILE *mailfd;
+         int mailfd_handle;
       char entered[VERY_LONG_STRING], expanded[VERY_LONG_STRING];
       char *filename, buffer[VERY_LONG_STRING], ch;
       char mailerflags[NLEN];
***************
*** 132,138 ****
         return(1);
       }

!       if ((mailfd = fopen(filename, "w")) == NULL) {
         err = errno;
         dprint(1, (debugfile, "couldn't open temp file %s! (remail)\n",
                 filename));
--- 133,140 ----
         return(1);
       }

!         if ( ( (mailfd_handle = open(filename, O_RDWR|O_CREAT|O_EXCL,0600)) == -1) ||
!              ( (mailfd = fdopen(mailfd_handle, "w")) == NULL) ) {
         err = errno;
         dprint(1, (debugfile, "couldn't open temp file %s! (remail)\n",
                 filename));

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.