Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue #1689: create unique temporary file with g_file_open_tmp().
Not sure this is really solving the issue reported, which is that `g_get_tmp_dir()` uses environment variables (yet as g_file_open_tmp() uses g_get_tmp_dir()…). But at least g_file_open_tmp() should create unique temporary files, which prevents overriding existing files (which is most likely the only real attack possible here, or at least the only one I can think of unless some weird vulnerabilities exist in glib).
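The difference the commit message describes, as an added example that is not code from this commit or from GIMP: a fixed temporary file name truncates whatever already sits at that path, while a unique name created with `O_CREAT|O_EXCL` cannot. POSIX `mkstemp()` stands in for `g_file_open_tmp()` (which takes the same `XXXXXX` template) so the block builds without GLib; the file names and the planted "existing" file are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* expose mkstemp()/mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for a file that already exists at a guessable path. */
static void plant(char *path, size_t n, const char *dir) {
    snprintf(path, n, "%s/test-output.tmp", dir);      /* hypothetical fixed name */
    FILE *f = fopen(path, "w");
    if (f) { fputs("existing data", f); fclose(f); }   /* 13 bytes */
}

static long size_then_remove(const char *path) {
    struct stat st;
    long size = stat(path, &st) == 0 ? (long)st.st_size : -1;
    unlink(path);
    return size;
}

/* Fixed name: fopen(..., "w") truncates whatever is already at the path. */
long fixed_name_write(const char *dir) {
    char path[4096];
    plant(path, sizeof path, dir);
    FILE *f = fopen(path, "w");
    if (f) fclose(f);
    return size_then_remove(path);       /* size of the pre-existing file */
}

/* Unique name: mkstemp() fills in XXXXXX and creates with O_CREAT|O_EXCL,
 * so it can only open a file that did not exist before the call. */
long unique_name_write(const char *dir) {
    char existing[4096], tmpl[4096];
    plant(existing, sizeof existing, dir);
    snprintf(tmpl, sizeof tmpl, "%s/test-output-XXXXXX", dir);
    int fd = mkstemp(tmpl);
    if (fd < 0) { unlink(existing); return -1; }
    if (write(fd, "new", 3) != 3) perror("write");
    close(fd);
    unlink(tmpl);
    return size_then_remove(existing);   /* size of the pre-existing file */
}

int main(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";   /* private scratch directory */
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    printf("fixed name : existing file is now %ld bytes\n", fixed_name_write(dir));
    printf("unique name: existing file is now %ld bytes\n", unique_name_write(dir));
    return rmdir(dir) != 0;
}
```

As the commit message notes, this addresses overwriting only; the directory itself still comes from the environment in the GLib case.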
c21eff4
CVE-2018-12713 was assigned to this issue.
Is this not just a test app? or is this part of the main gimp program?
Indeed this is just a unit test run when a dev/packager/other runs `make check` on the source code. This is not part of GIMP at all and nothing is installed with this code. I added a comment there to clarify: https://gitlab.gnome.org/GNOME/gimp/issues/1689#note_254032
I didn't know that a CVE had been opened for this. Thanks.