rpms/audacity/F-8 audacity-1.3.2-CVE-2007-6061.patch,NONE,1.1

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Sat May 3 07:04:19 UTC 2008


Author: mschwendt

Update of /cvs/pkgs/rpms/audacity/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15768/F-8

Added Files:
	audacity-1.3.2-CVE-2007-6061.patch 
Log Message:
* Sat May  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
- check ownership of temporary files directory (#436260) (CVE-2007-6061)


audacity-1.3.2-CVE-2007-6061.patch:

--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp	2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp	2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
    if (tempFromPrefs != wxT("")) {
       if (wxDirExists(tempFromPrefs))
          temp = tempFromPrefs;
-      else if (wxMkdir(tempFromPrefs))
+      else if (wxMkdir(tempFromPrefs, 0755))
          temp = tempFromPrefs;
    }
 
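Review bot: On the changed `wxMkdir(tempFromPrefs, 0755)` line, mode 0755 still lets every local user list and read the directory. For a per-user temporary files directory 0700 is the tighter choice, and the mode actually applied is further reduced by the process umask. The unchanged `wxDirExists(tempFromPrefs)` branch above it accepts an existing directory as-is, so it relies entirely on the ownership check added in the next hunk; a short comment here saying so would help the next reader.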
@@ -830,10 +830,21 @@
    if (temp==wxT("") && tempDefaultLoc != wxT("")) {
       if (wxDirExists(tempDefaultLoc))
          temp = tempDefaultLoc;
-      else if (wxMkdir(tempDefaultLoc))
+      else if (wxMkdir(tempDefaultLoc, 0755))
          temp = tempDefaultLoc;
    }
 
+   // Check temp directory ownership.
+   struct stat tempStatBuf;
+   if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+      temp.clear();
+   }
+   else {
+      if ( geteuid() != tempStatBuf.st_uid ) {
+         temp.clear();
+      }
+   }
+
    if (temp == wxT("")) {
       // Failed
       wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
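Review bot: The ownership check is placed after both selection blocks, so a `tempFromPrefs` directory that exists but belongs to another user sets `temp`, skips the `tempDefaultLoc` fallback (its condition requires `temp==wxT("")`), and is then cleared, which drops the user at the failure dialog even when the default location would have been acceptable. Validating each candidate before assigning it to `temp` would avoid that. The check also compares only `st_uid`: consider additionally requiring `S_ISDIR(tempStatBuf.st_mode)` and rejecting group- or world-writable modes, since a path owned by the user but writable by others still passes. The same 0755 remark from the first hunk applies to `wxMkdir(tempDefaultLoc, 0755)`. Neither hunk adds an `#include`, so confirm that `<sys/stat.h>` and `<unistd.h>` are already pulled in for `lstat` and `geteuid`.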



