Browse files

* TempFileCollection.cs: Bring in changes from HEAD for serialization

       security fix:
       * r57836: Implement explicitly some interface methods to get rid of
       the "!" errors on CorCompare.
       * r60253: Make sure generated file names are unique. Fixes bug #76125
       and #78230.
       * r65441: Create files in a temporary subdirectory, for security reasons.


svn path=/branches/mono-1-1-13-8/mcs/; revision=66309
  • Loading branch information...
1 parent 882a1b2 commit 7d44efe136a8b624639e244b407694012767d8b2 Wade Berrier committed Oct 5, 2006
View
10 mcs/class/System/System.CodeDom.Compiler/ChangeLog
@@ -1,3 +1,13 @@
+2006-10-05 Wade Berrier <wberrier@novell.com>
+
+ * TempFileCollection.cs: Bring in changes from HEAD for serialization
+ security fix:
+ * r57836: Implement explicitly some interface methods to get rid of
+ the "!" errors on CorCompare.
+ * r60253: Make sure generated file names are unique. Fixes bug #76125
+ and #78230.
+ * r65441: Create files in a temporary subdirectory, for security reasons.
+
2006-02-19 Zoltan Varga <vargaz@gmail.com>
* CodeDomProvider.cs: Fix the [ToolboxItem] attribute. Fixes #77513.
View
95 mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs
@@ -31,6 +31,7 @@
using System.IO;
using System.Security;
using System.Security.Permissions;
+using System.Runtime.InteropServices;
namespace System.CodeDom.Compiler {
@@ -45,6 +46,7 @@ public class TempFileCollection:ICollection, IEnumerable, IDisposable
bool keepfiles;
string basepath;
Random rnd;
+ string ownTempDir;
public TempFileCollection ()
: this (String.Empty, false)
@@ -67,19 +69,39 @@ public string BasePath
{
get {
if(basepath==null) {
- // note: this property *cannot* change TempDir property
- string temp = tempdir;
- if (temp.Length == 0) {
- // this call ensure the Environment permissions check
- temp = Path.GetTempPath ();
- }
-
+
if (rnd == null)
rnd = new Random ();
- string random = rnd.Next (10000,99999).ToString ();
- basepath = Path.Combine (temp, random);
+ // note: this property *cannot* change TempDir property
+ string temp = tempdir;
+ if (temp.Length == 0)
+ temp = GetOwnTempDir ();
+
+ // Create a temporary file at the target directory. This ensures
+ // that the generated file name is unique.
+ FileStream f = null;
+ do {
+ int num = rnd.Next ();
+ num++;
+ basepath = Path.Combine (temp, num.ToString("x"));
+ string path = basepath + ".tmp";
+ try {
+ f = new FileStream (path, FileMode.CreateNew);
+ }
+ catch (System.IO.IOException) {
+ f = null;
+ continue;
+ }
+ catch {
+ // avoid endless loop
+ throw;
+ }
+ } while (f == null);
+
+ f.Close ();
+
// and you must have discovery access to the combined path
// note: the cache behaviour is tested in the CAS tests
if (SecurityManager.SecurityEnabled) {
@@ -90,7 +112,39 @@ public string BasePath
return(basepath);
}
}
+
+ string GetOwnTempDir ()
+ {
+ if (ownTempDir != null)
+ return ownTempDir;
+
+ // this call ensure the Environment permissions check
+ string basedir = Path.GetTempPath ();
+
+ // Create a subdirectory with the correct user permissions
+ int res = -1;
+ do {
+ int num = rnd.Next ();
+ num++;
+ ownTempDir = Path.Combine (basedir, num.ToString("x"));
+ if (Directory.Exists (ownTempDir))
+ continue;
+ res = mkdir (ownTempDir, 0x1c0);
+ if (res != 0) {
+ if (!Directory.Exists (ownTempDir))
+ throw new IOException ();
+ // Somebody already created the dir, keep trying
+ }
+ } while (res != 0);
+ return ownTempDir;
+ }
+ int ICollection.Count {
+ get {
+ return filehash.Count;
+ }
+ }
+
public int Count
{
get {
@@ -163,17 +217,33 @@ void IDisposable.Dispose()
public void Delete()
{
- string[] filenames=new string[filehash.Count];
- filehash.Keys.CopyTo(filenames, 0);
+ bool allDeleted = true;
+ string[] filenames = new string[filehash.Count];
+ filehash.Keys.CopyTo (filenames, 0);
foreach(string file in filenames) {
if((bool)filehash[file]==false) {
File.Delete(file);
filehash.Remove(file);
- }
+ } else
+ allDeleted = false;
+ }
+ if (basepath != null) {
+ string tmpFile = basepath + ".tmp";
+ File.Delete (tmpFile);
+ basepath = null;
+ }
+ if (allDeleted && ownTempDir != null) {
+ Directory.Delete (ownTempDir, true);
+ ownTempDir = null;
}
}
+ IEnumerator IEnumerable.GetEnumerator ()
+ {
+ return(filehash.Keys.GetEnumerator());
+ }
+
public IEnumerator GetEnumerator()
{
return(filehash.Keys.GetEnumerator());
@@ -192,5 +262,6 @@ protected virtual void Dispose(bool disposing)
Dispose(false);
}
+ [DllImport ("libc")] private static extern int mkdir (string olpath, uint mode);
}
}

0 comments on commit 7d44efe

Please sign in to comment.