Makes use of tempfile.mktemp

Bug #885245 reported by David
Affects   Status        Importance  Assigned to  Milestone
calibre   Fix Released  Undecided   Unassigned

Bug Description

Several modules in src/calibre/rtf2xml/ make use of tempfile.mktemp in an insecure fashion. This makes the code vulnerable to an insecure temporary file weakness. As an example, ebooks/rtf2xml/pict.py uses mktemp in the __init__ constructor/method like this -->

self.__write_to = tempfile.mktemp()

and self.__write_to is referenced later in process_pict, where it is opened like this --> (line 145)

with open(self.__write_to, 'w') as write_obj:

and data is copied into the file (if it is to be copied) via -->

copy_obj.copy_file(self.__write_to, "pict.data")

which ends up calling shutil.copyfile, which copies the pict.data file to the self.__write_to file location. As self.__write_to may be a symbolic link, this may mean that another user's file may be overwritten (e.g. ~/.bashrc).
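Added example, not code from calibre or from the fix that followed: the mktemp()/open()/copyfile() sequence described in the report is replaced by mkstemp(), which creates the file itself, and the properties a reviewer would check on the result are verified in a constructed sandbox. The function names, the sandbox directory and the pict.data contents are assumptions made for the demonstration.

```python
import os
import shutil
import stat
import tempfile

def copy_via_mkstemp(src_path, tmpdir):
    # Replacement for the mktemp()/open()/copyfile() sequence in the report:
    # mkstemp() creates the file itself with O_CREAT|O_EXCL and mode 0600, so a
    # pre-existing file or symlink at the chosen name makes the call fail instead
    # of being followed; the data is written through the returned descriptor.
    fd, write_to = tempfile.mkstemp(dir=tmpdir, prefix="pict-", suffix=".data")
    with os.fdopen(fd, "wb") as dst, open(src_path, "rb") as src:
        shutil.copyfileobj(src, dst)
    return write_to

def is_private_regular_file(path):
    # Post-condition to check on any temp file: a regular file (not a symlink)
    # that only its owner may read or write.
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o777) == 0o600

def exclusive_open_rejects_existing_name(tmpdir):
    # The guarantee mkstemp() relies on: O_CREAT|O_EXCL fails with EEXIST when the
    # name already exists, even as a symlink, so the file behind it is never opened.
    victim = os.path.join(tmpdir, "victim.txt")
    with open(victim, "w") as f:
        f.write("untouched")
    planted = os.path.join(tmpdir, "planted")
    os.symlink(victim, planted)
    try:
        fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(victim) as f:
            return f.read() == "untouched"
    os.close(fd)
    return False

def demo():
    # Constructed sandbox: a fake pict.data is copied with the hardened form and
    # the result is checked; the sandbox is removed afterwards.
    sandbox = tempfile.mkdtemp(prefix="rtf2xml-demo-")
    src = os.path.join(sandbox, "pict.data")
    with open(src, "wb") as f:
        f.write(b"\x01\x02\x03")  # constructed picture bytes
    hardened = copy_via_mkstemp(src, sandbox)
    with open(hardened, "rb") as f:
        content_ok = f.read() == b"\x01\x02\x03"
    result = {"content_ok": content_ok,
              "private": is_private_regular_file(hardened),
              "excl_rejects_symlink": exclusive_open_rejects_existing_name(sandbox)}
    shutil.rmtree(sandbox)
    return result
```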

Kovid Goyal (kovid) wrote : Fixed in lp:calibre

Fixed in branch lp:calibre. The fix will be in the next release. calibre is usually released every Friday.

 status fixreleased

Changed in calibre:
status: New → Fix Released
David (d--)
visibility: private → public