[Pkg-privacy-commits] [onionshare] 01/02: Patch for fix_CVE-2016-5026
Ulrike Uhlig
u-guest at moszumanska.debian.org
Thu May 26 21:50:17 UTC 2016
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch debian
in repository onionshare.
commit 13cac879cce5d9814e1f7509a25269f28606f5d8
Author: Ulrike Uhlig <u at 451f.org>
Date: Thu May 26 22:51:59 2016 +0200
Patch for fix_CVE-2016-5026
---
debian/patches/fix_CVE-2016-5026 | 50 ++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 51 insertions(+)
diff --git a/debian/patches/fix_CVE-2016-5026 b/debian/patches/fix_CVE-2016-5026
new file mode 100644
index 0000000..9b64d60
--- /dev/null
+++ b/debian/patches/fix_CVE-2016-5026
@@ -0,0 +1,50 @@
+Description: Fix CVE-2016-5026.
+ See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
+ on a potential convoluted attack. Basically, /tmp/onionshare is
+ a predictable name, which mean that a local attacker
+ could precreate it on a shared server and later mess with the hidden
+ service operations in various way.
+Author: Michael Scherer <misc at zarb.org>
+
+--- a/onionshare/hs.py
++++ b/onionshare/hs.py
+@@ -99,16 +99,7 @@
+ self.hidserv_dir = self.hidserv_dir.replace('\\', '/')
+
+ else:
+- path = '/tmp/onionshare'
+- try:
+- if not os.path.exists(path):
+- os.makedirs(path, 0700)
+- except:
+- raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
+- if not os.access(path, os.W_OK):
+- raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
+-
+- self.hidserv_dir = tempfile.mkdtemp(dir=path)
++ self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')
+
+ self.cleanup_filenames.append(self.hidserv_dir)
+
+@@ -230,17 +221,17 @@
+ '80 127.0.0.1:33302'
+ ],
+ 'HiddenServiceDir': [
+- '/tmp/onionshare/tmplTfZZu',
+- '/tmp/onionshare/tmpchDai3'
++ '/tmp/onionsharetmplTfZZu',
++ '/tmp/onionsharetmpchDai3'
+ ]
+ }
+
+
+ Output will look like this:
+ [
+- ('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
++ ('HiddenServiceDir', '/tmp/onionsharetmplTfZZu'),
+ ('HiddenServicePort', '80 127.0.0.1:47906'),
+- ('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
++ ('HiddenServiceDir', '/tmp/onionsharetmpchDai3'),
+ ('HiddenServicePort', '80 127.0.0.1:33302')
+ ]
+ """
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..5aea7fc
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix_CVE-2016-5026
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionshare.git
More information about the Pkg-privacy-commits
mailing list