diff options
| author | Glenn Morris | 2014-05-08 14:10:36 -0400 |
|---|---|---|
| committer | Glenn Morris | 2014-05-08 14:10:36 -0400 |
| commit | 4049faae9670133bbabcd0c7cf0280d90d5195ad (patch) | |
| tree | 2cb73eca4262fbb7771ed8e78cb1c86c1a2b04a6 | |
| parent | fa8e9c09f3b0696cd58941908f15d49aaf80fb56 (diff) | |
| download | emacs-4049faae9670133bbabcd0c7cf0280d90d5195ad.tar.gz emacs-4049faae9670133bbabcd0c7cf0280d90d5195ad.zip | |
* browse-url.el (browse-url-mosaic): Be careful when writing /tmp/Mosaic.PID.
This is CVE-2014-3423.
Fixes: debbugs:17428
| -rw-r--r-- | lisp/ChangeLog | 6 | ||||
| -rw-r--r-- | lisp/net/browse-url.el | 35 |
2 files changed, 21 insertions, 20 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 333bc7fcf90..a09dd63a34f 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog | |||
| @@ -1,3 +1,9 @@ | |||
| 1 | 2014-05-08 Glenn Morris <rgm@gnu.org> | ||
| 2 | |||
| 3 | * net/browse-url.el (browse-url-mosaic): | ||
| 4 | Be careful when writing /tmp/Mosaic.PID. (Bug#17428) | ||
| 5 | This is CVE-2014-3423. | ||
| 6 | |||
| 1 | 2014-05-08 Stefan Monnier <monnier@iro.umontreal.ca> | 7 | 2014-05-08 Stefan Monnier <monnier@iro.umontreal.ca> |
| 2 | 8 | ||
| 3 | * xt-mouse.el: Drop spurious/oddly shaped events (bug#17378). | 9 | * xt-mouse.el: Drop spurious/oddly shaped events (bug#17378). |
diff --git a/lisp/net/browse-url.el b/lisp/net/browse-url.el index 4364490f431..80dffb3fa4a 100644 --- a/lisp/net/browse-url.el +++ b/lisp/net/browse-url.el | |||
| @@ -1333,31 +1333,26 @@ used instead of `browse-url-new-window-flag'." | |||
| 1333 | (let ((pidfile (expand-file-name browse-url-mosaic-pidfile)) | 1333 | (let ((pidfile (expand-file-name browse-url-mosaic-pidfile)) |
| 1334 | pid) | 1334 | pid) |
| 1335 | (if (file-readable-p pidfile) | 1335 | (if (file-readable-p pidfile) |
| 1336 | (save-excursion | 1336 | (with-temp-buffer |
| 1337 | (find-file pidfile) | 1337 | (insert-file-contents pidfile) |
| 1338 | (goto-char (point-min)) | 1338 | (setq pid (read (current-buffer))))) |
| 1339 | (setq pid (read (current-buffer))) | 1339 | (if (and (integerp pid) (zerop (signal-process pid 0))) ; Mosaic running |
| 1340 | (kill-buffer nil))) | 1340 | (progn |
| 1341 | (if (and pid (zerop (signal-process pid 0))) ; Mosaic running | 1341 | (with-temp-buffer |
| 1342 | (save-excursion | 1342 | (insert (if (browse-url-maybe-new-window new-window) |
| 1343 | ;; This is a predictable temp-file name, which is bad, | 1343 | "newwin\n" |
| 1344 | ;; but it is what Mosaic uses/used. | 1344 | "goto\n") |
| 1345 | ;; So it's not Emacs's problem. http://bugs.debian.org/747100 | 1345 | url "\n") |
| 1346 | (find-file (format "/tmp/Mosaic.%d" pid)) | 1346 | (if (file-exists-p (setq pidfile (format "/tmp/Mosaic.%d" pid))) |
| 1347 | (erase-buffer) | 1347 | (delete-file pidfile)) |
| 1348 | (insert (if (browse-url-maybe-new-window new-window) | 1348 | ;; http://debbugs.gnu.org/17428. Use O_EXCL. |
| 1349 | "newwin\n" | 1349 | (write-region nil nil pidfile nil 'silent nil 'excl)) |
| 1350 | "goto\n") | ||
| 1351 | url "\n") | ||
| 1352 | (save-buffer) | ||
| 1353 | (kill-buffer nil) | ||
| 1354 | ;; Send signal SIGUSR to Mosaic | 1350 | ;; Send signal SIGUSR to Mosaic |
| 1355 | (message "Signaling Mosaic...") | 1351 | (message "Signaling Mosaic...") |
| 1356 | (signal-process pid 'SIGUSR1) | 1352 | (signal-process pid 'SIGUSR1) |
| 1357 | ;; Or you could try: | 1353 | ;; Or you could try: |
| 1358 | ;; (call-process "kill" nil 0 nil "-USR1" (int-to-string pid)) | 1354 | ;; (call-process "kill" nil 0 nil "-USR1" (int-to-string pid)) |
| 1359 | (message "Signaling Mosaic...done") | 1355 | (message "Signaling Mosaic...done")) |
| 1360 | ) | ||
| 1361 | ;; Mosaic not running - start it | 1356 | ;; Mosaic not running - start it |
| 1362 | (message "Starting %s..." browse-url-mosaic-program) | 1357 | (message "Starting %s..." browse-url-mosaic-program) |
| 1363 | (apply 'start-process "xmosaic" nil browse-url-mosaic-program | 1358 | (apply 'start-process "xmosaic" nil browse-url-mosaic-program |