mirror of
https://git.yoctoproject.org/poky
synced 2026-02-09 10:13:03 +01:00
09f471bfd0
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
16 lines
680 B
Diff
16 lines
680 B
Diff
Upstream-Status: Backport
|
|
|
|
--- a/subversion/svnserve/main.c
|
|
+++ b/subversion/svnserve/main.c
|
|
@@ -403,8 +403,9 @@ static svn_error_t *write_pid_file(const
|
|
const char *contents = apr_psprintf(pool, "%" APR_PID_T_FMT "\n",
|
|
getpid());
|
|
|
|
+ SVN_ERR(svn_io_remove_file2(filename, TRUE, pool));
|
|
SVN_ERR(svn_io_file_open(&file, filename,
|
|
- APR_WRITE | APR_CREATE | APR_TRUNCATE,
|
|
+ APR_WRITE | APR_CREATE | APR_EXCL,
|
|
APR_OS_DEFAULT, pool));
|
|
SVN_ERR(svn_io_file_write_full(file, contents, strlen(contents), NULL,
|
|
pool));
|