[Pkg-privacy-commits] [onionshare] 01/03: Patch for fix_CVE-2016-5026

Ulrike Uhlig u-guest at moszumanska.debian.org
Mon May 30 10:37:30 UTC 2016


This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch jessie-backports
in repository onionshare.

commit b9a04fa593655527c6bd723c86bce29f0d994ee6
Author: Ulrike Uhlig <u at 451f.org>
Date:   Thu May 26 22:51:59 2016 +0200

    Patch for fix_CVE-2016-5026
---
 debian/patches/fix_CVE-2016-5026 | 50 ++++++++++++++++++++++++++++++++++++++++
 debian/patches/series            |  1 +
 2 files changed, 51 insertions(+)

diff --git a/debian/patches/fix_CVE-2016-5026 b/debian/patches/fix_CVE-2016-5026
new file mode 100644
index 0000000..9b64d60
--- /dev/null
+++ b/debian/patches/fix_CVE-2016-5026
@@ -0,0 +1,50 @@
+Description: Fix CVE-2016-5026.
+ See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
+ on a potential convoluted attack. Basically, /tmp/onionshare is
+ a predictable name, which mean that a local attacker
+ could precreate it on a shared server and later mess with the hidden
+ service operations in various way.
+Author: Michael Scherer <misc at zarb.org>
+
+--- a/onionshare/hs.py
++++ b/onionshare/hs.py
+@@ -99,16 +99,7 @@
+                 self.hidserv_dir = self.hidserv_dir.replace('\\', '/')
+
+             else:
+-                path = '/tmp/onionshare'
+-                try:
+-                    if not os.path.exists(path):
+-                        os.makedirs(path, 0700)
+-                except:
+-                    raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
+-                if not os.access(path, os.W_OK):
+-                    raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
+-
+-                self.hidserv_dir = tempfile.mkdtemp(dir=path)
++                self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')
+
+             self.cleanup_filenames.append(self.hidserv_dir)
+
+@@ -230,17 +221,17 @@
+                 '80 127.0.0.1:33302'
+             ],
+             'HiddenServiceDir': [
+-                '/tmp/onionshare/tmplTfZZu',
+-                '/tmp/onionshare/tmpchDai3'
++                '/tmp/onionsharetmplTfZZu',
++                '/tmp/onionsharetmpchDai3'
+             ]
+         }
+
+
+         Output will look like this:
+         [
+-            ('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
++            ('HiddenServiceDir', '/tmp/onionsharetmplTfZZu'),
+             ('HiddenServicePort', '80 127.0.0.1:47906'),
+-            ('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
++            ('HiddenServiceDir', '/tmp/onionsharetmpchDai3'),
+             ('HiddenServicePort', '80 127.0.0.1:33302')
+         ]
+         """
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..5aea7fc
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix_CVE-2016-5026

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionshare.git



More information about the Pkg-privacy-commits mailing list