calibre: e-book management

Makes use of tempfile.mktemp

Reported by David on 2011-11-02
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
calibre
Undecided
Unassigned

Bug Description

Several modules in src/calibre/rtf2xml/ make use of tempfile.mktemp in an insecure fashion. This results in the code being vulnerable to Insecure temporary file. As an example ebooks/rtf2xml/pict.py uses mktemp in the __init__ constructor/method like this -->

self.__write_to = tempfile.mktemp()

and the self.__write_to is referenced later in process_pict, where it is opened like this --> (line 145)
            with open(self.__write_to, 'w') as write_obj:

and data is copied into the file (if it is to be copied)
via -->
copy_obj.copy_file(self.__write_to, "pict.data")
which ends up calling shutil.copyfile which will end up copying the pict.data file to the self.__write_to file location. As self.__write_to maybe a symbolic link, this may mean that another user file maybe over-written (e.g. ~/.bashrc).

Related branches

Fixed in branch lp:calibre. The fix will be in the next release. calibre is usually released every Friday.

 status fixreleased

Changed in calibre:
status: New → Fix Released
David (d--) on 2011-11-05
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers