$NetBSD: patch-aa,v 1.1.2.2 2008/04/20 08:51:34 rtr Exp $ Fix insecure temporary file handling in comicthumb utility. Eliminate insufficient escaping on shell calls for rar archives/jpegtran. --- mime/comicthumb.orig +++ mime/comicthumb @@ -22,6 +22,10 @@ import StringIO import re import shutil + +import subprocess +import tempfile + try: import Image except: @@ -48,9 +52,13 @@ sys.exit(1) # temp directory needed for multiple archives -if not os.path.exists('/tmp/comicthumb/'): - os.makedirs('/tmp/comicthumb/') - os.chmod('/tmp/comicthumb/', 0700) +#if not os.path.exists('/tmp/comicthumb/'): +# os.makedirs('/tmp/comicthumb/') +# os.chmod('/tmp/comicthumb/', 0700) +_tmp_dir = tempfile.mkdtemp(prefix='comixthumb', suffix=os.sep, + dir = '/tmp') +_tmp_dir += "/" + # return the first image in the list def first_image (filelist): @@ -101,10 +109,10 @@ else: subarchive = first_archive(zipfiles) if subarchive: - output = open("/tmp/comicthumb/archive%d" % (depth), "wb") + output = open( _tmp_dir + "archive%d" % (depth), "wb") output.write(zip.read(subarchive)) output.close() - return get_image("/tmp/comicthumb/archive%d" % (depth), + return get_image( _tmp_dir + "archive%d" % (depth), depth + 1) elif tarfile.is_tarfile(compressed_file): TYPE = TYPE or 'cbt' @@ -119,10 +127,10 @@ else: subarchive = first_archive(tarfiles) if subarchive: - output = open("/tmp/comicthumb/archive%d" % (depth), "wb") + output = open( _tmp_dir + "archive%d" % (depth), "wb") output.write(tar.extractfile(subarchive).read()) output.close() - return get_image("/tmp/comicthumb/archive%d" % (depth), + return get_image( _tmp_dir + "archive%d" % (depth), depth + 1) elif open(compressed_file, 'rb').read(4) == 'Rar!': TYPE = TYPE or 'cbr' 
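Review bot: The new `_tmp_dir = tempfile.mkdtemp(...)` line still pins the directory to `/tmp` via `dir = '/tmp'`, so a user's `TMPDIR` is ignored; dropping the `dir` argument lets `mkdtemp` fall back to `tempfile.gettempdir()`, which honours it, and is the usual reason for moving to `mkdtemp` in the first place. The `suffix=os.sep` argument appears intended to give the path a trailing slash, but the very next line `_tmp_dir += "/"` appends one anyway, so every path built from `_tmp_dir` carries a `//`; keep one or the other, e.g. `_tmp_dir = tempfile.mkdtemp(prefix='comicthumb') + os.sep`. The three commented-out `/tmp/comicthumb/` lines are dead code and should be removed rather than kept in the file. The prefix `comixthumb` also does not match the utility's name, presumably a typo.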
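Review bot: The new `_tmp_dir + "archive%d" % (depth)` expressions only form a valid path because `_tmp_dir` happens to end in a separator, which is an implicit contract with the module-level setup; `os.path.join(_tmp_dir, "archive%d" % depth)` does not depend on that and reads as a path. The same concatenation is repeated in the tar branch below and in the rar branch, so one small helper such as `_archive_path(depth)` would keep the three in step. The enclosing function (apparently `get_image`, judging by the recursive call) starts before and ends after this hunk.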
@@ -138,20 +146,36 @@ if not rar: print "You must install unrar or rar to thumbnail RAR archives." sys.exit(1) - rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines() + #rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines() + rarfiles = subprocess.Popen([rar, 'vb', compressed_file], + stdout=subprocess.PIPE).communicate()[0].splitlines() for i in range(len(rarfiles)): rarfiles[i] = rarfiles[i].rstrip("\n") rarfiles.sort() cover = guessCover(rarfiles) if cover: - picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"' - % (rar, compressed_file, cover), "r").read()) + #picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"' + #% (rar, compressed_file, cover), "r").read()) + picture = StringIO.StringIO(subprocess.Popen( + [rar, 'p', '-inul', '--', compressed_file, cover], + stdout=subprocess.PIPE).stdout.read()) else: subarchive = first_archive(rarfiles) if subarchive: - os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"' - % (rar, compressed_file, subarchive, depth), "r") - return get_image("/tmp/comicthumb/archive%d" % (depth), + #os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"' + #% (rar, compressed_file, subarchive, depth), "r") + filen = _tmp_dir + "archive%d"%(depth) + try: + os.remove(filen) + except: + pass + fp = open(filen, 'w') + fdp = fp.fileno() + subprocess.Popen( + [rar, 'p', '-inul', '--', compressed_file, subarchive], + stdout = fdp).wait() + fp.close() + return get_image( _tmp_dir + "archive%d" % (depth), depth + 1) return picture @@ -207,8 +231,8 @@ exit_flag = 1 # remove tempory stuff -if os.path.isdir('/tmp/comicthumb/'): - shutil.rmtree('/tmp/comicthumb/') +if os.path.isdir(_tmp_dir): + shutil.rmtree(_tmp_dir) # and exit sys.exit(exit_flag) only in patch2: unchanged:
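Review bot: The listing call `subprocess.Popen([rar, 'vb', compressed_file], ...)` places the archive name directly after the verb with no `--`, unlike the two `p` invocations below it, so a file name beginning with `-` would be parsed by rar as a switch; `[rar, 'vb', '--', compressed_file]` makes it consistent, assuming rar accepts `--` there as the `p` calls already rely on. The cover branch calls `.stdout.read()` on a `Popen` it never waits for, leaving the child unreaped and its exit status unchecked; `communicate()[0]`, as the listing call already does, avoids both. In the sub-archive branch the `os.remove` inside a bare `try/except` is unnecessary because `open(filen, 'w')` truncates, the mode should be `'wb'` to match the zip and tar branches, and the `.wait()` return code is discarded, so a failed extraction silently yields an empty `archive%d` file that is then recursed into. Since `splitlines()` already strips line endings, the `rstrip("\n")` loop that follows is now redundant. The enclosing function starts before this hunk.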
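Review bot: The `shutil.rmtree(_tmp_dir)` cleanup is only reached at the normal end of the script, so the early `sys.exit(1)` paths taken after `mkdtemp` has run (for instance the "You must install unrar" exit visible in the previous hunk) leave a `comixthumb*` directory behind on every such run. Registering the cleanup right where the directory is created, `atexit.register(shutil.rmtree, _tmp_dir, True)` together with `import atexit`, covers those exits and an uncaught exception as well. With `ignore_errors=True` the `os.path.isdir` guard here becomes unnecessary, since `rmtree` then tolerates a missing directory.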