lha is broken in gutsy amd64
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lha (Debian) | Fix Released | Unknown | |
lha (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: lha
lha ao5g books.lzh *.txt
LHa: Fatal error: /tmp/lhxuroBy: File exists
strace shows that lha tries to open the file twice:
stat("books.lzh", {st_mode=
open("books.lzh", O_RDONLY) = 4
gettimeofday(
getpid() = 10261
open("/
rt_sigaction(
rt_sigaction(
umask(077) = 022
open("/
write(2, "LHa: Fatal error: ", 18LHa: Fatal error: ) = 18
write(2, "/tmp/lhN1sX5j: File exists\n", 27/tmp/lhN1sX5j: File exists
lha from feisty works OK.
CVE References
Changed in lha:
importance: Undecided → Medium
status: New → Confirmed
Changed in lha:
status: Unknown → Fix Released
The security patch 2007-2030 (see for instance http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2030) seems to be quite badly conceived.
It mixes two things:
- makes sure that some buffers are zero-terminated
- introduces a new fopen for temporary files which includes the O_CREAT and O_EXCL flags
The problem with the latter is that the temporary file is already created with mkstemp, so this new call just makes the program exit with an error and makes it totally unusable.
Since this fix doesn't seem to be needed at all (mkstemp already opens the temporary file with these flags, and it uses mode 0600 since glibc 2.0.7), shouldn't we simply remove this part of the fix?
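The failure this comment describes, as an added C example that is not lha's code and not part of the original report: a second exclusive create on a path that mkstemp has already created fails with EEXIST, while wrapping the returned descriptor with fdopen works. The function names and the `/tmp/lhdemoXXXXXX` template are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Failing pattern: mkstemp() has already created the file, so a second
 * exclusive create of the same path cannot succeed. Returns the errno seen. */
int reopen_exclusive_errno(void)
{
    char path[] = "/tmp/lhdemoXXXXXX";   /* constructed template name */
    int fd = mkstemp(path);              /* creates and opens the file */
    if (fd < 0) return -1;
    int fd2 = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int err = (fd2 < 0) ? errno : 0;     /* EEXIST is the expected result */
    if (fd2 >= 0) close(fd2);
    close(fd);
    unlink(path);
    return err;
}

/* Working pattern: wrap the descriptor mkstemp() returned in a stdio stream
 * instead of reopening by name. Returns the permission bits, -1 on error. */
int fdopen_mkstemp_mode(void)
{
    char path[] = "/tmp/lhdemoXXXXXX";
    struct stat st;
    mode_t old = umask(077);             /* same umask call as in the strace */
    int fd = mkstemp(path);
    umask(old);
    if (fd < 0) return -1;
    FILE *fp = (fstat(fd, &st) == 0) ? fdopen(fd, "w+") : NULL;
    if (fp == NULL) {
        close(fd);
        unlink(path);
        return -1;
    }
    fclose(fp);                          /* also closes fd */
    unlink(path);
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    printf("second exclusive open: errno %d (EEXIST is %d)\n", reopen_exclusive_errno(), EEXIST);
    printf("mkstemp file mode: %04o\n", (unsigned)fdopen_mkstemp_mode());
    return 0;
}
```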