authorjoerg <joerg@pkgsrc.org>2006-02-11 01:04:19 +0000
committerjoerg <joerg@pkgsrc.org>2006-02-11 01:04:19 +0000
commitd43de270184d17036e6a41b7dc8e06e1cbf4f2c4 (patch)
tree3433c5a122ff054ef512068198bc266fd5773aed /devel/gtexinfo
parentaba46732d5e2b30d7a2476302fe2a20453defe85 (diff)
downloadpkgsrc-d43de270184d17036e6a41b7dc8e06e1cbf4f2c4.tar.gz
Improve the security fix. maketempname is called from two contexts:
(a) to generate a new temporary file name -> O_EXCL logic applies here (b) to regenerate the name of an older temporary file for removal -> don't create or even open the file here, just remove it. Discussed with salo@.
Diffstat (limited to 'devel/gtexinfo')
-rw-r--r--devel/gtexinfo/distinfo4
-rw-r--r--devel/gtexinfo/patches/patch-al62
2 files changed, 54 insertions, 12 deletions
diff --git a/devel/gtexinfo/distinfo b/devel/gtexinfo/distinfo
index 68ea9234329..2855afedbf5 100644
--- a/devel/gtexinfo/distinfo
+++ b/devel/gtexinfo/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2005/10/10 15:14:49 salo Exp $
+$NetBSD: distinfo,v 1.23 2006/02/11 01:04:19 joerg Exp $
SHA1 (texinfo-4.8.tar.bz2) = b19e906f7220294c1e8b087d583c50f5c4d7c420
RMD160 (texinfo-4.8.tar.bz2) = 5cb82cd240d1f22da813c7142df8828b4f6f1ea4
@@ -9,4 +9,4 @@ SHA1 (patch-ac) = 01baf8634edcecab0b5edaeddf1e38811cab490d
SHA1 (patch-ad) = c5c3374322eb8a2c8dfc7871971b73194ab1b14c
SHA1 (patch-aj) = d9071c62c993550d253c9e1889880d4fccf7d278
SHA1 (patch-ak) = 2cef2ae464ddb5324acae000420017d4faf7b145
-SHA1 (patch-al) = 5d50cfe1c783b91d5983e67e8fe8a33a0476b531
+SHA1 (patch-al) = 8221e5768cd8d3c292446995b18e6bc84a9dfa6e
diff --git a/devel/gtexinfo/patches/patch-al b/devel/gtexinfo/patches/patch-al
index 5097a8f3c82..ce9fc4b3eba 100644
--- a/devel/gtexinfo/patches/patch-al
+++ b/devel/gtexinfo/patches/patch-al
@@ -1,11 +1,15 @@
-$NetBSD: patch-al,v 1.1 2005/10/10 15:14:49 salo Exp $
+$NetBSD: patch-al,v 1.2 2006/02/11 01:04:19 joerg Exp $
-Security fix for CAN-2005-3011, from Ubuntu.
+Security fix for CAN-2005-3001.
--- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200
-+++ util/texindex.c 2005-10-10 16:46:44.000000000 +0200
-@@ -390,11 +390,12 @@
- maketempname (int count)
++++ util/texindex.c
+@@ -387,14 +387,15 @@ For more information about these matters
+ /* Return a name for temporary file COUNT. */
+
+ static char *
+-maketempname (int count)
++maketempname (int count, int can_exist)
{
static char *tempbase = NULL;
+ char *tempname;
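Review bot: The patch header now reads `Security fix for CAN-2005-3001.` where the previous revision said CAN-2005-3011, and the commit message does not mention correcting the identifier, so this looks like a mistyped digit; unless the old id was wrong, the line should stay `Security fix for CAN-2005-3011.`. A wrong identifier in the patch header misleads anyone matching installed patches against advisories. Separately, the doc comment `/* Return a name for temporary file COUNT. */` does not describe the new `can_exist` argument; something like `/* Return a name for temporary file COUNT; unless CAN_EXIST is set, also create the file exclusively. */` would cover it. The body of maketempname continues outside this hunk.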
@@ -18,17 +22,55 @@ Security fix for CAN-2005-3011, from Ubuntu.
tempbase = concat (tempdir, "txidxXXXXXX");
fd = mkstemp (tempbase);
-@@ -403,7 +404,12 @@
+@@ -403,7 +404,14 @@ maketempname (int count)
}
sprintf (tempsuffix, ".%d", count);
- return concat (tempbase, tempsuffix);
+ tempname = concat (tempbase, tempsuffix);
-+ fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
-+ if (fd == -1)
-+ pfatal_with_name (tempname);
-+ close (fd);
++ if (!can_exist) {
++ fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++ if (fd == -1)
++ pfatal_with_name (tempname);
++ close (fd);
++ }
+ return tempname;
}
+@@ -415,7 +423,7 @@ flush_tempfiles (int to_count)
+ if (keep_tempfiles)
+ return;
+ while (last_deleted_tempcount < to_count)
+- unlink (maketempname (++last_deleted_tempcount));
++ unlink (maketempname (++last_deleted_tempcount, 1));
+ }
+
+
+@@ -882,7 +890,7 @@ sort_offline (char *infile, off_t total,
+
+ for (i = 0; i < ntemps; i++)
+ {
+- char *outname = maketempname (++tempcount);
++ char *outname = maketempname (++tempcount, 0);
+ FILE *ostream = fopen (outname, "w");
+ long tempsize = 0;
+
+@@ -930,7 +938,7 @@ fail:
+
+ for (i = 0; i < ntemps; i++)
+ {
+- char *newtemp = maketempname (++tempcount);
++ char *newtemp = maketempname (++tempcount, 0);
+ sort_in_core (tempfiles[i], MAX_IN_CORE_SORT, newtemp);
+ if (!keep_tempfiles)
+ unlink (tempfiles[i]);
+@@ -1400,7 +1408,7 @@ merge_files (char **infiles, int nfiles,
+ int nf = MAX_DIRECT_MERGE;
+ if (i + 1 == ntemps)
+ nf = nfiles - i * MAX_DIRECT_MERGE;
+- tempfiles[i] = maketempname (++tempcount);
++ tempfiles[i] = maketempname (++tempcount, 0);
+ value |= merge_direct (&infiles[i * MAX_DIRECT_MERGE], nf, tempfiles[i]);
+ }
+
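Review bot: The exclusive create in the `!can_exist` branch (`fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);` followed by `close (fd);`) only protects the moment of creation, because the callers then reopen the file by name: `fopen (outname, "w")` in sort_offline, and presumably the same inside sort_in_core and merge_direct, which receive the name. That holds only while nobody else can replace the directory entry between the close and the reopen, which is true in a sticky or private temp directory but not in a plain world-writable one. At minimum the assumption deserves a comment above the block, e.g. `/* Pre-create exclusively; callers reopen by name, so tempdir must be sticky or private. */`. A more robust follow-up would keep the descriptor and hand it to the caller (for instance via `fdopen`) instead of closing it, which needs a wider interface change than this hunk shows. The `can_exist` path used by flush_tempfiles only calls `unlink`, which does not follow links, so that side looks fine.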