You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@poi.apache.org by bu...@apache.org on 2014/07/22 10:59:08 UTC
[Bug 56757] New: [PATCH] Possible symlink race condition
vulnerability when creating temp files
https://issues.apache.org/bugzilla/show_bug.cgi?id=56757
Bug ID: 56757
Summary: [PATCH] Possible symlink race condition vulnerability
when creating temp files
Product: POI
Version: 3.11-dev
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: POI Overall
Assignee: dev@poi.apache.org
Reporter: raul.wegmann@qrr.es
Created attachment 31839
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31839&action=edit
Fix for symlink race condition vulnerability when creating temp files
The org.apache.poi.util.TempFile.createTempFile() method generates a random
file name and checks whether a file with that name already exists, but it does
neither create the file nor check and create it atomically.
As far as I see (but please correct me if I'm wrong) this constitutes a symlink
race condition vulnerability.
The attached patch fixes this by delegating the temp file creation to Java's
File.createTempFile() method.
The patch contains two small API changes:
- TempFile.createTempFile() now throws an IOException as it creates the file.
- I deleted the org.apache.poi.util.PackageHelper.createTempFile() method as it
is not used by POI and would actively re-enable the race condition
vulnerability by deleting the newly created file.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 56757] [PATCH] Possible symlink race condition vulnerability
when creating temp files
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56757
Nick Burch <ap...@gagravarr.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
OS| |All
--- Comment #1 from Nick Burch <ap...@gagravarr.org> ---
I believe that the patch for this was rolled into GitHub Pull #10, which was
applied in r1613246, so closing this one too, thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org