Fixes insecure use of temporary file (CVE-2014-4978).
abrander committed Dec 3, 2014
1 parent 70f2da7 commit 9c2cd3c
Showing 1 changed file with 18 additions and 3 deletions.
21 changes: 18 additions & 3 deletions librawstudio/rs-filter.c
Expand Up @@ -772,17 +772,32 @@ void
rs_filter_graph(RSFilter *filter)
{
g_return_if_fail(RS_IS_FILTER(filter));
gchar *dot_filename;
gchar *png_filename;
gchar *command_line;
GString *str = g_string_new("digraph G {\n");

rs_filter_graph_helper(str, filter);

g_string_append_printf(str, "}\n");
g_file_set_contents("/tmp/rs-filter-graph", str->str, str->len, NULL);

if (0 != system("dot -Tpng >/tmp/rs-filter-graph.png </tmp/rs-filter-graph"))
/* Here we would like to use g_mkdtemp(), but due to a bug in upstream, that's impossible */
dot_filename = g_strdup_printf("/tmp/rs-filter-graph.%u", g_random_int());
png_filename = g_strdup_printf("%s.%u.png", dot_filename, g_random_int());

g_file_set_contents(dot_filename, str->str, str->len, NULL);

command_line = g_strdup_printf("dot -Tpng >%s <%s", png_filename, dot_filename);
if (0 != system(command_line))
g_warning("Calling dot failed");
if (0 != system("gnome-open /tmp/rs-filter-graph.png"))
g_free(command_line);

command_line = g_strdup_printf("gnome-open %s", png_filename);
if (0 != system(command_line))
g_warning("Calling gnome-open failed.");
g_free(command_line);

g_free(dot_filename);
g_free(png_filename);
g_string_free(str, TRUE);
}
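Review bot: The new temp names are still guessable and the PNG side is still opened unsafely: the `dot -Tpng >%s <%s` command built with `g_strdup_printf` hands png_filename to the shell, which opens it O_CREAT|O_TRUNC and follows any symlink pre-placed at that path, while `g_random_int()` is a Mersenne-Twister PRNG, not a CSPRNG, and its first output is exposed to every local user in the dot filename listed in /tmp. `g_file_set_contents()` itself goes through mkstemp()+rename(), so the .dot side is largely covered, but its return value is discarded and neither file is ever unlinked, so a failed write still runs dot on whatever sits at that path. The durable fix is to create both files yourself with `g_mkstemp()` (O_CREAT|O_EXCL, mode 0600; it does not need the g_mkdtemp the comment says is broken, and it accepts `XXXXXX` before the `.png` suffix), rooted at `g_get_tmp_dir()` so TMPDIR is honoured, and hand the pre-created PNG path to dot with `-o` instead of a redirection, as sketched below (`g_strerror(errno)` needs `<errno.h>`; `g_unlink()` for the .dot file lives in `<glib/gstdio.h>`). Whether the PNG can be unlinked after `gnome-open` returns depends on whether the viewer has already opened it, so I would leave only that file behind.

```c
	gchar *command_line;
	int fd, pfd;
	/* … unchanged: build the graph into str … */

	/* g_mkstemp() creates each file O_CREAT|O_EXCL, mode 0600, so neither name
	 * can be pre-placed (symlink or otherwise) by another user, and the sticky
	 * bit on the temp dir stops anyone else from swapping them before dot runs. */
	dot_filename = g_build_filename(g_get_tmp_dir(), "rs-filter-graph.XXXXXX", NULL);
	png_filename = g_build_filename(g_get_tmp_dir(), "rs-filter-graph.XXXXXX.png", NULL);
	if ((fd = g_mkstemp(dot_filename)) == -1 || (pfd = g_mkstemp(png_filename)) == -1) {
		g_warning("Cannot create temporary file: %s", g_strerror(errno));
		goto out;
	}
	close(fd);
	close(pfd);

	if (!g_file_set_contents(dot_filename, str->str, str->len, NULL)) {
		g_warning("Cannot write %s", dot_filename);
		goto out;
	}

	/* -o names the output explicitly; nothing is opened by the shell */
	command_line = g_strdup_printf("dot -Tpng -o %s %s", png_filename, dot_filename);
	/* … unchanged: system(command_line), gnome-open, g_free(command_line) … */
out:
	g_unlink(dot_filename);
	/* … unchanged: g_free(dot_filename), g_free(png_filename), g_string_free … */
```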
