Author: sylvestre
Date: Mon Jun 16 15:31:15 2014
New Revision: 211051

URL: http://llvm.org/viewvc/llvm-project?rev=211051&view=rev
Log:
Check that the directory does not exist. Otherwise, it could allow local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
Reported as CVE-2014-2893 ( https://security-tracker.debian.org/tracker/CVE-2014-2893 ) Found by Jakub Wilk Modified: cfe/trunk/tools/scan-build/scan-build Modified: cfe/trunk/tools/scan-build/scan-build URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-build/scan-build?rev=211051&r1=211050&r2=211051&view=diff ============================================================================== --- cfe/trunk/tools/scan-build/scan-build (original) +++ cfe/trunk/tools/scan-build/scan-build Mon Jun 16 15:31:15 2014 @@ -206,6 +206,12 @@ sub GetHTMLRunDir { else { $NewDir = "$Dir/$DateString-$RunNumber"; } + + # Make sure that the directory does not exist in order to avoid hijack. + if (-d $NewDir) { + DieDiag("The directory '$NewDir' already exists.\n"); + } + mkpath($NewDir); return $NewDir; }
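
Review bot: the existence test `if (-d $NewDir)` and the creation `mkpath($NewDir)` in GetHTMLRunDir are still two separate steps, so the directory can appear between them. mkpath returns without error when the target already exists as a directory, so that case would go unnoticed. The name is still built from `$DateString-$RunNumber`, so it stays predictable. I would create the parent with mkpath and then the final component with a plain `mkdir($NewDir)`, passing a failure to DieDiag, so that the check and the creation are a single atomic operation. `-d` also matches only directories, so a pre-existing file or dangling symlink at that path skips the new message and is left for mkpath to handle; the atomic mkdir covers those cases as well. The comment should say what "hijack" refers to (a pre-created directory or symlink at the predictable path).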
