rpms/mono/FC-5 mono-CVE-2006-5072-TempFileCollection.patch, NONE, 1.1 mono.spec, 1.33, 1.34

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Oct 6 08:08:34 UTC 2006


Author: caolanm

Update of /cvs/dist/rpms/mono/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv2910

Modified Files:
	mono.spec 
Added Files:
	mono-CVE-2006-5072-TempFileCollection.patch 
Log Message:
rh#209464# CVE-2006-5072

mono-CVE-2006-5072-TempFileCollection.patch:
 TempFileCollection.cs |   84 ++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 72 insertions(+), 12 deletions(-)

--- NEW FILE mono-CVE-2006-5072-TempFileCollection.patch ---
--- trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs	2006/03/11 19:07:56	57836
+++ trunk/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs	2006/09/15 09:32:42	65441
@@ -31,6 +31,7 @@
 using System.IO;
 using System.Security;
 using System.Security.Permissions;
+using System.Runtime.InteropServices;
 
 namespace System.CodeDom.Compiler {
 
@@ -45,6 +46,7 @@
 		bool keepfiles;
 		string basepath;
 		Random rnd;
+		string ownTempDir;
 		
 		public TempFileCollection ()
 			: this (String.Empty, false)
@@ -67,19 +69,39 @@
 		{
 			get {
 				if(basepath==null) {
-					// note: this property *cannot* change TempDir property
-					string temp = tempdir;
-					if (temp.Length == 0) {
-						// this call ensure the Environment permissions check
-						temp = Path.GetTempPath ();
-					}
-
+				
 					if (rnd == null)
 						rnd = new Random ();
 
-					string random = rnd.Next (10000,99999).ToString ();
-					basepath = Path.Combine (temp, random);
+					// note: this property *cannot* change TempDir property
+					string temp = tempdir;
+					if (temp.Length == 0)
+						temp = GetOwnTempDir ();
 
+					// Create a temporary file at the target directory. This ensures
+					// that the generated file name is unique.
+					FileStream f = null;
+					do {
+						int num = rnd.Next ();
+						num++;
+						basepath = Path.Combine (temp, num.ToString("x"));
+						string path = basepath + ".tmp";
+
+						try {
+							f = new FileStream (path, FileMode.CreateNew);
+						}
+						catch (System.IO.IOException) {
+							f = null;
+							continue;
+						}
+						catch {
+							// avoid endless loop
+							throw;
+						}
+					} while (f == null);
+					
+					f.Close ();
+					
 					// and you must have discovery access to the combined path
 					// note: the cache behaviour is tested in the CAS tests
 					if (SecurityManager.SecurityEnabled) {
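Review bot: The retry loop in the `BasePath` getter treats every `IOException` as a name collision, so a `temp` directory that does not exist or a path that is too long (`DirectoryNotFoundException` and `PathTooLongException` both derive from `IOException`) makes it spin forever, despite the `// avoid endless loop` comment. Retry only when the candidate really exists, e.g. `catch (IOException) { if (!File.Exists (path)) throw; continue; }`, or cap the number of attempts. The bare `catch { throw; }` has no effect and can be dropped. Only `basepath + ".tmp"` is reserved with `FileMode.CreateNew`; whether the other names later derived from `basepath` are created exclusively is not visible here, which matters when a caller-supplied `TempDir` is a shared directory. The getter continues outside the hunk.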
@@ -90,6 +112,32 @@
 				return(basepath);
 			}
 		}
+		
+		string GetOwnTempDir ()
+		{
+			if (ownTempDir != null)
+				return ownTempDir;
+
+			// this call ensure the Environment permissions check
+			string basedir = Path.GetTempPath ();
+			
+			// Create a subdirectory with the correct user permissions
+			int res = -1;
+			do {
+				int num = rnd.Next ();
+				num++;
+				ownTempDir = Path.Combine (basedir, num.ToString("x"));
+				if (Directory.Exists (ownTempDir))
+					continue;
+				res = mkdir (ownTempDir, 0x1c0);
+				if (res != 0) {
+					if (!Directory.Exists (ownTempDir))
+						throw new IOException ();
+					// Somebody already created the dir, keep trying
+				}
+			} while (res != 0);
+			return ownTempDir;
+		}
 
 		int ICollection.Count {
 			get {
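Review bot: `GetOwnTempDir` stores each candidate path in the `ownTempDir` field before `mkdir` has succeeded, so when `throw new IOException ()` is taken the field keeps a directory that was never created, and the next call returns it from the `if (ownTempDir != null)` cache check. Build the candidate in a local, `string dir = Path.Combine (basedir, num.ToString("x"));`, and assign `ownTempDir = dir;` only just before the `return`. The method also reads `rnd` without the null check that the `BasePath` getter performs, which is safe only while that getter is the sole caller; a comment such as `// caller must have initialised rnd` would record this. The `IOException` is thrown without a message, so it should name the path that could not be created.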
@@ -169,14 +217,25 @@
 		
 		public void Delete()
 		{
-			string[] filenames=new string[filehash.Count];
-			filehash.Keys.CopyTo(filenames, 0);
+			bool allDeleted = true;
+			string[] filenames = new string[filehash.Count];
+			filehash.Keys.CopyTo (filenames, 0);
 
 			foreach(string file in filenames) {
 				if((bool)filehash[file]==false) {
 					File.Delete(file);
 					filehash.Remove(file);
-				}
+				} else
+					allDeleted = false;
+			}
+			if (basepath != null) {
+				string tmpFile = basepath + ".tmp";
+				File.Delete (tmpFile);
+				basepath = null;
+			}
+			if (allDeleted && ownTempDir != null) {
+				Directory.Delete (ownTempDir, true);
+				ownTempDir = null;
 			}
 		}
 
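Review bot: Cleanup in `Delete` is not exception-safe: if `File.Delete(file)` throws inside the loop, the `basepath + ".tmp"` placeholder is never removed and `basepath` is never reset, so stale files stay behind in the temp area. Removing the placeholder in a `finally` would make that step independent of individual file failures. The `Directory.Delete (ownTempDir, true)` call must stay conditional on the loop having completed, because `allDeleted` is only meaningful then and the delete is recursive. A comment on that call would make the intent explicit, e.g. `// ownTempDir is created by GetOwnTempDir with owner-only mode; recursive delete is safe only when no file is kept`.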
@@ -203,5 +262,6 @@
 			Dispose(false);
 		}
 		
+		[DllImport ("libc")] private static extern int mkdir (string olpath, uint mode);
 	}
 }
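Review bot: The `mkdir` import does not set `SetLastError = true`, so when the call fails `GetOwnTempDir` cannot tell a permission error from an already existing entry and has to fall back to `Directory.Exists`. Declaring it as `[DllImport ("libc", SetLastError = true)]` would let the caller read the error with `Marshal.GetLastWin32Error ()` and include it in the `IOException`. The declaration also binds unconditionally to `libc`, so on a platform without that library the empty-`TempDir` path would presumably fail at the first call; that is acceptable for this package but worth a comment in the source. The parameter name `olpath` looks like a typo for `path`.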


Index: mono.spec
===================================================================
RCS file: /cvs/dist/rpms/mono/FC-5/mono.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- mono.spec	26 Apr 2006 13:21:33 -0000	1.33
+++ mono.spec	6 Oct 2006 08:08:31 -0000	1.34
@@ -1,6 +1,6 @@
 Name:           mono
 Version:        1.1.13.7
-Release:        1.fc5.1
+Release:        2.fc5.1
 Summary:        a .NET runtime environment
 
 Group:          Development/Languages
@@ -21,6 +21,7 @@
 
 Patch1: mono-1.1.13.4-selinux-ia64.patch
 Patch2: mono-1.1.13.4-ppc-threading.patch
+Patch3: mono-CVE-2006-5072-TempFileCollection.patch
 
 %description
 The Mono runtime implements a JIT engine for the ECMA CLI
@@ -227,6 +228,7 @@
 %setup -q
 %patch1 -p1 -b .selinux-ia64
 %patch2 -p1 -b .ppc-threading
+%patch3 -p1 -b .CVE-2006-5072
 
 %build
 %ifarch ia64 s390
@@ -500,6 +502,9 @@
 %gac_dll IBM.Data.DB2
 
 %changelog
+* Fri Oct 06 2006 Caolan McNamara <caolanm at redhat.com> - 1.1.13.7-2.fc5.1
+- CVE-2006-5072
+
 * Wed Apr 26 2006 Alexander Larsson <alexl at redhat.com> - 1.1.13.7-1.fc5.1
 - Update to 1.1.13.7
 



