[Pkg-privacy-commits] [onionshare] 09/55: Fix CVE-2016-5026

Ulrike Uhlig u-guest at moszumanska.debian.org
Thu Sep 8 10:26:28 UTC 2016 

This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch debian
in repository onionshare.

commit 70c55511b13ae04b2108b8cb23177bac04542d1b
Author: Michael Scherer <misc at redhat.com>
Date:   Mon May 23 20:45:07 2016 +0200

    Fix CVE-2016-5026
    
    See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
    on a potential convoluted attack. Basically,  /tmp/onionshare is
    a predictable name, which mean that a local attacker
    could precreate it on a shared server and later mess with the hidden
    service operations in various way.
---
 onionshare/hs.py | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/onionshare/hs.py b/onionshare/hs.py
index 86a917b..945dd0e 100644
--- a/onionshare/hs.py
+++ b/onionshare/hs.py
@@ -102,16 +102,7 @@ class HS(object):
                 self.hidserv_dir = self.hidserv_dir.replace('\\', '/')
 
             else:
-                path = '/tmp/onionshare'
-                try:
-                    if not os.path.exists(path):
-                        os.makedirs(path, 0o700)
-                except:
-                    raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
-                if not os.access(path, os.W_OK):
-                    raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
-
-                self.hidserv_dir = tempfile.mkdtemp(dir=path)
+                self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')
 
             self.cleanup_filenames.append(self.hidserv_dir)
 
@@ -233,17 +224,17 @@ class HS(object):
                 '80 127.0.0.1:33302'
             ],
             'HiddenServiceDir': [
-                '/tmp/onionshare/tmplTfZZu',
-                '/tmp/onionshare/tmpchDai3'
+                '/tmp/onionsharelTfZZu',
+                '/tmp/onionsharechDai3'
             ]
         }
 
 
         Output will look like this:
         [
-            ('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
+            ('HiddenServiceDir', '/tmp/onionsharelTfZZu'),
             ('HiddenServicePort', '80 127.0.0.1:47906'),
-            ('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
+            ('HiddenServiceDir', '/tmp/onionsharechDai3'),
             ('HiddenServicePort', '80 127.0.0.1:33302')
         ]
         """

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionshare.git

More information about the Pkg-privacy-commits mailing list