91 строка
3.1 KiB
Diff
91 строка
3.1 KiB
Diff
From 53837ad424b08e65459d1d655e8aeef85dacb1fe Mon Sep 17 00:00:00 2001
|
|
From: Suresh Thelkar <sthelkar@microsoft.com>
|
|
Date: Fri, 14 Jun 2024 11:47:05 +0530
|
|
Subject: [PATCH] Patch CVE-2024-5742
|
|
|
|
Upstream patch details can be found from the following
|
|
https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
|
|
---
|
|
src/definitions.h | 2 +-
|
|
src/files.c | 13 ++++++++++++-
|
|
src/nano.c | 11 +----------
|
|
3 files changed, 14 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/src/definitions.h b/src/definitions.h
|
|
index eed5f10..22953fd 100644
|
|
--- a/src/definitions.h
|
|
+++ b/src/definitions.h
|
|
@@ -269,7 +269,7 @@ typedef enum {
|
|
} message_type;
|
|
|
|
typedef enum {
|
|
- OVERWRITE, APPEND, PREPEND
|
|
+ OVERWRITE, APPEND, PREPEND, EMERGENCY
|
|
} kind_of_writing_type;
|
|
|
|
typedef enum {
|
|
diff --git a/src/files.c b/src/files.c
|
|
index 9c41936..6a8ff5f 100644
|
|
--- a/src/files.c
|
|
+++ b/src/files.c
|
|
@@ -1760,6 +1760,8 @@ bool write_file(const char *name, FILE *thefile, bool normal,
|
|
#endif
|
|
char *realname = real_dir_from_tilde(name);
|
|
/* The filename after tilde expansion. */
|
|
+ int fd = 0;
|
|
+ /* The descriptor that is assigned when opening the file. */
|
|
char *tempname = NULL;
|
|
/* The name of the temporary file we use when prepending. */
|
|
linestruct *line = openfile->filetop;
|
|
@@ -1843,7 +1845,6 @@ bool write_file(const char *name, FILE *thefile, bool normal,
|
|
* For an emergency file, access is restricted to just the owner. */
|
|
if (thefile == NULL) {
|
|
mode_t permissions = (normal ? RW_FOR_ALL : S_IRUSR|S_IWUSR);
|
|
- int fd;
|
|
|
|
#ifndef NANO_TINY
|
|
block_sigwinch(TRUE);
|
|
@@ -1970,6 +1971,16 @@ bool write_file(const char *name, FILE *thefile, bool normal,
|
|
}
|
|
#endif
|
|
|
|
+#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
|
|
+ /* Change permissions and owner of an emergency save file to the values
|
|
+ * of the original file, but ignore any failure as we are in a hurry. */
|
|
+ if (method == EMERGENCY && fd && openfile->statinfo) {
|
|
+ IGNORE_CALL_RESULT(fchmod(fd, openfile->statinfo->st_mode));
|
|
+ IGNORE_CALL_RESULT(fchown(fd, openfile->statinfo->st_uid,
|
|
+ openfile->statinfo->st_gid));
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (fclose(thefile) != 0) {
|
|
statusline(ALERT, _("Error writing %s: %s"), realname, strerror(errno));
|
|
|
|
diff --git a/src/nano.c b/src/nano.c
|
|
index 9f614c6..4adfc9c 100644
|
|
--- a/src/nano.c
|
|
+++ b/src/nano.c
|
|
@@ -337,17 +337,8 @@ void emergency_save(const char *filename)
|
|
|
|
if (*targetname == '\0')
|
|
fprintf(stderr, _("\nToo many .save files\n"));
|
|
- else if (write_file(targetname, NULL, SPECIAL, OVERWRITE, NONOTES)) {
|
|
+ else if (write_file(targetname, NULL, SPECIAL, EMERGENCY, NONOTES)) {
|
|
fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
|
|
-#ifndef NANO_TINY
|
|
- /* Try to chmod/chown the saved file to the values of the original file,
|
|
- * but ignore any failure as we are in a hurry to get out. */
|
|
- if (openfile->statinfo) {
|
|
- IGNORE_CALL_RESULT(chmod(targetname, openfile->statinfo->st_mode));
|
|
- IGNORE_CALL_RESULT(chown(targetname, openfile->statinfo->st_uid,
|
|
- openfile->statinfo->st_gid));
|
|
- }
|
|
-#endif
|
|
}
|
|
|
|
free(targetname);
|
|
--
|
|
2.34.1
|
|
|