GNU bug report logs - #21913
sed/utils.c temporary file handling code review

Previous Next

Package: sed;

Reported by: Stanislav Brabec <sbrabec <at> suse.com>

Date: Fri, 13 Nov 2015 19:37:01 UTC

Severity: normal

Tags: moreinfo

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Stanislav Brabec <sbrabec <at> suse.com>
To: <bug-sed <at> gnu.org>
Subject: Re: bug#21913: sed/utils.c temporary file handling code review
Date: Wed, 18 Nov 2015 19:09:15 +0100

Stanislav Brabec wrote:
> While trying to reproduce an obscure crash with temporary file experiencing
> file system error, I looked deeper into sed/utils.c. I found several strange
> things.
> 
Here is a detailed regression map:

commit 9c9919efe2166efd32409054005619062624226c (initial import in 2004)
imported the broken code vulnerable to double fclose() issue and leaving
orphan temporary files in some situations.

commit 9c9919efe2166efd32409054005619062624226c in 2004 introduced the
register_open_file() temporary file bug. No side effects yet.

commit 3a8e165ab02487c372df217c1989e287625ce0ae in 2006 started to really use
broken register_open_file() in ck_mkstemp() with third argument "true". It
caused a regression: keeping orphan files after even more errors than before,
but the regression hides the double fclose() vulnerability.

commit 768901548e280726f160a1da4434f3fde8f9921a in 2015 introduced
register_cleanup_file() that re-implements broken temporary removal feature
of register_open_file(). This change hides the register_open_file() temporary
file bug.

Both mentioned bugs are now present in the code, but probably cannot be
triggered.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                         e-mail: sbrabec <at> suse.com
Lihovarská 1060/12                            tel: +49 911 7405384547
190 00 Praha 9                                 fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
This bug report was last modified 6 years and 283 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.