
Commit 4e9f367

committed
Removed tempfile.mktemp, fixes CVE-2014-1932 CVE-2014-1933, debian bug #737059
1 parent b1b88cf commit 4e9f367


4 files changed

+18
-10
lines changed


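--- a/PIL/EpsImagePlugin.py
+++ b/PIL/EpsImagePlugin.py
@@ -67,7 +67,8 @@ def Ghostscript(tile, size, fp, scale=1):
 
     import tempfile, os, subprocess
 
-    file = tempfile.mktemp()
+    out_fd, file = tempfile.mkstemp()
+    os.close(out_fd)
 
     # Build ghostscript command
     command = ["gs",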
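Review bot: The immediately closed descriptor on the new `os.close(out_fd)` line deserves a comment, because a reader may take it for a leak or for undoing the fix: mkstemp has already created the file with O_EXCL and mode 0600, so only the name is needed for Ghostscript's output option and the symlink race of mktemp is gone. Suggest `# mkstemp created the file atomically (0600); gs writes to it by name, so only the path is kept`. The name `file` also shadows the builtin, which the old line did too; `out_path` would read better next to `out_fd`. Ghostscript's body continues outside the hunk, so whether the file is unlinked in a finally cannot be confirmed here.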

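--- a/PIL/Image.py
+++ b/PIL/Image.py
@@ -495,14 +495,17 @@ def _copy(self):
         self.readonly = 0
 
     def _dump(self, file=None, format=None):
-        import tempfile
+        import tempfile, os
         if not file:
-            file = tempfile.mktemp()
+            f, file = tempfile.mkstemp(format or '')
+            os.close(f)
+
         self.load()
         if not format or format == "PPM":
             self.im.save_ppm(file)
         else:
-            file = file + "." + format
+            if file.endswith(format):
+                file = file + "." + format
         self.save(file, format)
         return file
 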
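Review bot: The suffix check on the new `if file.endswith(format):` line is inverted and undoes the mkstemp fix for non-PPM dumps: `tempfile.mkstemp(format or '')` already returns a name ending in `format`, so the condition is always true for a generated path, `"." + format` gets appended, and `self.save` writes to a sibling path that was never created with O_EXCL while the 0600 file from mkstemp is left behind empty. For a caller-supplied name the suffix is now added only when it is already present, the opposite of the removed line. The intended logic is to hand mkstemp the suffix with its dot and to append that suffix only to caller-supplied names that lack it, so the securely created file is the one written to.
```python
        import tempfile, os
        suffix = "." + format if format else ""
        if not file:
            # the mkstemp file (0600, O_EXCL) is the one save() will overwrite
            f, file = tempfile.mkstemp(suffix)
            os.close(f)
        elif not file.endswith(suffix):
            file = file + suffix
        # … unchanged: self.load() and the PPM branch …
        else:
            self.save(file, format)  # suffix already applied above
        return file
```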

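--- a/PIL/IptcImagePlugin.py
+++ b/PIL/IptcImagePlugin.py
@@ -172,8 +172,8 @@ def load(self):
         self.fp.seek(offset)
 
         # Copy image data to temporary file
-        outfile = tempfile.mktemp()
-        o = open(outfile, "wb")
+        o_fd, outfile = tempfile.mkstemp(text=False)
+        o = os.fdopen(o_fd)
         if encoding == "raw":
             # To simplify access to the extracted file,
             # prepend a PPM header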
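Review bot: `o = os.fdopen(o_fd)` on the new side opens the descriptor in fdopen's default mode `"r"`, whereas the removed line opened the path with `"wb"`; every later write through `o` (the PPM header the next comment announces, and presumably the copied image data) will fail with an I/O error, so the CVE fix breaks IPTC image extraction. It should read `o = os.fdopen(o_fd, "wb")`. The hunk also depends on `os` being imported in this module, which is not visible here, and `text=False` is already mkstemp's default. The body of load continues past the hunk.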

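--- a/PIL/JpegImagePlugin.py
+++ b/PIL/JpegImagePlugin.py
@@ -344,13 +344,17 @@ def load_djpeg(self):
         # ALTERNATIVE: handle JPEGs via the IJG command line utilities
 
         import tempfile, os
-        file = tempfile.mktemp()
-        os.system("djpeg %s >%s" % (self.filename, file))
+        f, path = tempfile.mkstemp()
+        os.close(f)
+        if os.path.exists(self.filename):
+            os.system("djpeg '%s' >'%s'" % (self.filename, path))
+        else:
+            raise ValueError("Invalid Filename")
 
         try:
-            self.im = Image.core.open_ppm(file)
+            self.im = Image.core.open_ppm(path)
         finally:
-            try: os.unlink(file)
+            try: os.unlink(path)
             except: pass
 
         self.mode = self.im.mode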
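Review bot: The new `os.system("djpeg '%s' >'%s'" ...)` line still builds a shell command from `self.filename`, and the added `os.path.exists` guard does not close the hole: a file whose name contains a single quote (say `x'; rm -rf ~; '.jpg`) exists and still escapes the quoting. Running djpeg through subprocess with an argument list and passing the mkstemp descriptor as its stdout removes the shell entirely and also lets the descriptor stay open until the child has written, instead of closing it and reopening by name; `subprocess` would need importing next to `tempfile, os`. As written, the `ValueError` path also leaves the empty file at `path` behind, since the unlink only happens in the later try/finally.
```python
        f, path = tempfile.mkstemp()
        try:
            if not os.path.exists(self.filename):
                raise ValueError("Invalid Filename")
            # argument list, no shell: the filename cannot inject commands
            subprocess.call(["djpeg", self.filename], stdout=f)
        finally:
            os.close(f)
        # … unchanged: open_ppm(path) and the unlink in try/finally …
```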
