Package: devscripts
Version: 2.18.7
Tags: security
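I've found quite a few bugs similar to #911720 in the devscripts codebase.
Here are excerpts of the buggy code (with boring parts omitted). In each one, the trap action removes the temporary files but does not exit, so the script keeps running after a trapped signal: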
* cvs-debi, cvs-debrelease:
# Create a private scratch directory with mktemp; the temp file lives inside it.
TEMPDIR=$(mktemp -dt cvs-debi.XXXXXXXX) || ...
TEMPFILE=$TEMPDIR/cl-tmp
# Defect: the trap action only deletes and never calls exit. For the trapped
# signals (1 2 3 7 10 13 15) the shell runs the action and then resumes the
# script, so any later use of $TEMPFILE (not shown in this excerpt) would hit a
# path whose mktemp-created parent directory is gone. In a shared temp
# directory that name is then no longer guaranteed to belong to this script.
# Usual remedy: do the cleanup on EXIT (0) only and have the signal traps exit.
# The double quotes expand $TEMPFILE and $TEMPDIR when the trap is set, and
# the values are unquoted inside the action, so a temp path containing
# whitespace would be word-split by rm/rmdir.
# Numeric signals such as 7 and 10 do not name the same signal on every
# platform; symbolic names are portable.
trap "rm -f $TEMPFILE; rmdir $TEMPDIR" 0 1 2 3 7 10 13 15
* deb-reversion:
# Create a scratch directory. No failure check is visible in this excerpt; if
# mktemp fails, TMPDIR ends up empty.
# NOTE(review): TMPDIR is also the variable mktemp --tmpdir consults for the
# base directory, so reusing the name changes where later mktemp calls in this
# script put their files. Confirm that is intended.
TMPDIR=$(mktemp -d --tmpdir deb-reversion.XXXXXX)
# Defect: the action removes the directory but does not exit, so after any
# trapped signal the script continues with $TMPDIR deleted. A later write
# under that path (not shown here) would no longer be inside a directory this
# script created. Usual remedy: clean up on EXIT only, and make the signal
# traps exit.
# $TMPDIR is expanded when the trap is set and is unquoted inside the action,
# so rm -rf would word-split a path containing whitespace.
# Signal 9 (KILL) cannot be caught, so listing it has no effect.
trap "rm -rf $TMPDIR" 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
* debsign:
# Register cleanup_tmpdir for normal exit and for the listed signals.
# Defect: per the note on cleanup_tmpdir below, the handler removes the temp
# directories but does not exit, so after HUP/INT/QUIT/PIPE/TERM the script
# resumes with $signingdir and $remotefilesdir already deleted. Usual remedy:
# keep the cleanup on EXIT and have the signal traps call exit.
# KILL cannot be caught, so listing it has no effect.
trap "cleanup_tmpdir" EXIT HUP INT QUIT KILL SEGV PIPE TERM
# Creates the directory held in $signingdir (rest of the body omitted in the report).
mksigningdir () {
...
signingdir="$(mktemp -dt debsign.XXXXXXXX)" || ...
...
}
# Creates the directory held in $remotefilesdir; it uses the same
# debsign.XXXXXXXX template as mksigningdir.
mkremotefilesdir () {
...
remotefilesdir="$(mktemp -dt debsign.XXXXXXXX)" || ...
...
}
...
# Trap handler. Its body is omitted in the report; the only description given
# is the inline note below.
cleanup_tmpdir () {
... # removes $remotefilesdir and $signingdir, but doesn't exit
}
* dscextract:
# Create the working directory. No failure check is visible in this excerpt.
WORKDIR=$(mktemp -d --tmpdir dscextract.XXXXXX)
# Defect: on signals 2, 3 and 15 the action deletes $WORKDIR and then returns
# control to the script instead of exiting, so later steps (not shown) would
# operate on a path that no longer exists and that this script no longer owns.
# Usual remedy: clean up on 0 (EXIT) only and have the signal traps exit.
# $WORKDIR is expanded when the trap is set and is unquoted inside the action,
# so rm -rf would word-split a path containing whitespace.
trap "rm -rf $WORKDIR" 0 2 3 15
* getbuildlog:
# Create a temp file for the collected logs. No failure check is visible in
# this excerpt, and $(...) is the preferred form over backticks.
ALL_LOGS=`mktemp`
# Defect: on INT, QUIT and TERM the action removes the file but does not exit,
# so the script keeps going and a later redirect to $ALL_LOGS (not shown)
# would create a new file at a name mktemp no longer protects.
# Usual remedy: clean up on EXIT only and have the signal traps exit.
# $ALL_LOGS is expanded when the trap is set and is unquoted inside the action.
trap "rm -f $ALL_LOGS" EXIT INT QUIT TERM
* mergechanges:
# Create two temp files. tempfile(1) is deprecated in favour of mktemp(1), and
# no failure check is visible in this excerpt.
OUTPUT=`tempfile`
DESCFILE=`tempfile`
# Defect: the action deletes both files but never exits, so after a trapped
# signal (1 2 3 7 10 13 15) the script resumes and any later write to
# $OUTPUT or $DESCFILE (not shown) would re-create the name without
# tempfile's exclusive-creation guarantee.
# Usual remedy: clean up on 0 (EXIT) only and have the signal traps exit.
# The paths are expanded when the trap is set and wrapped in single quotes,
# which protects whitespace but would break on a path containing a single quote.
trap "rm -f '${OUTPUT}' '${DESCFILE}'" 0 1 2 3 7 10 13 15
* pts-subscribe:
# Create the temp file; the failure branch is elided in the report.
TEMPFILE=$(mktemp) || ...
# Defect: the action removes $TEMPFILE and then lets the script carry on,
# because it has no exit. After a trapped signal, a later write to $TEMPFILE
# (not shown) would re-create the name without mktemp's exclusive-creation
# guarantee.
# Usual remedy: clean up on 0 (EXIT) only and have the signal traps exit.
# Numeric signals such as 7 and 10 differ between platforms; symbolic names
# are portable.
trap "rm -f '$TEMPFILE'" 0 1 2 3 7 10 13 15
* wnpp-alert:
# The trap is re-registered after each group of mktemp calls so that its rm
# list grows with the files created so far. Every version has the same
# defect: the action deletes the files but has no exit, so after a trapped
# signal the script resumes and would reuse names that mktemp no longer
# protects. Usual remedy: one cleanup on 0 (EXIT) reading the variables at run
# time, with the signal traps calling exit.
# No failure check on the mktemp calls is visible in this excerpt.
INSTALLED=`mktemp -t wnppalert-installed.XXXXXX`
trap "rm -f '$INSTALLED'" 0 1 2 3 7 10 13 15
# WNPP and WNPPTMP share one template prefix. Both exist before the trap that
# covers them is installed on the line after.
WNPP=`mktemp -t wnppalert-wnpp.XXXXXX`
WNPPTMP=`mktemp -t wnppalert-wnpp.XXXXXX`
trap "rm -f '$INSTALLED' '$WNPP' '$WNPPTMP'" 0 1 2 3 7 10 13 15
WNPP_PACKAGES=`mktemp -t wnppalert-wnpp_packages.XXXXXX`
trap "rm -f '$INSTALLED' '$WNPP' '$WNPPTMP' '$WNPP_PACKAGES'" \
0 1 2 3 7 10 13 15
...
WNPP_DIFF=`mktemp -t wnppalert-wnpp_diff.XXXXXX`
# NOTE(review): as rendered here the quoted trap action breaks onto a second
# line before '$WNPP_DIFF'. That is probably mail wrapping in the report. If
# the break were literal, the shell would run the second line as a separate
# command instead of passing it to rm. Confirm against the script.
trap "rm -f '$INSTALLED' '$WNPP' '$WNPPTMP' '$WNPP_PACKAGES'
'$WNPP_DIFF'" \
0 1 2 3 7 10 13 15
* wnpp-check:
# Create the working files. WNPP and WNPPTMP share one template prefix, and
# no failure check on the mktemp calls is visible in this excerpt.
WNPP=`mktemp -t wnppcheck-wnpp.XXXXXX`
WNPPTMP=`mktemp -t wnppcheck-wnpp.XXXXXX`
# Defect, in both trap registrations below: the action deletes the files but
# has no exit, so after a trapped signal (1 2 3 7 10 13 15) the script
# resumes and any later write to these paths (not shown) would re-create the
# names without mktemp's exclusive-creation guarantee.
# Usual remedy: clean up on 0 (EXIT) only and have the signal traps exit.
trap "rm -f '$WNPP' '$WNPPTMP'" 0 1 2 3 7 10 13 15
WNPP_PACKAGES=`mktemp -t wnppcheck-wnpp_packages.XXXXXX`
# Re-register the trap so the newly created file is in the rm list.
trap "rm -f '$WNPP' '$WNPPTMP' '$WNPP_PACKAGES'" \
0 1 2 3 7 10 13 15
--
Jakub Wilk