summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lisp/ChangeLog6
-rw-r--r--lisp/net/browse-url.el35
2 files changed, 21 insertions, 20 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 333bc7fcf90..a09dd63a34f 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,9 @@
+2014-05-08 Glenn Morris <rgm@gnu.org>
+
+ * net/browse-url.el (browse-url-mosaic):
+ Be careful when writing /tmp/Mosaic.PID. (Bug#17428)
+ This is CVE-2014-3423.
+
2014-05-08 Stefan Monnier <monnier@iro.umontreal.ca>
* xt-mouse.el: Drop spurious/oddly shaped events (bug#17378).
diff --git a/lisp/net/browse-url.el b/lisp/net/browse-url.el
index 4364490f431..80dffb3fa4a 100644
--- a/lisp/net/browse-url.el
+++ b/lisp/net/browse-url.el
@@ -1333,31 +1333,26 @@ used instead of `browse-url-new-window-flag'."
(let ((pidfile (expand-file-name browse-url-mosaic-pidfile))
pid)
(if (file-readable-p pidfile)
- (save-excursion
- (find-file pidfile)
- (goto-char (point-min))
- (setq pid (read (current-buffer)))
- (kill-buffer nil)))
- (if (and pid (zerop (signal-process pid 0))) ; Mosaic running
- (save-excursion
- ;; This is a predictable temp-file name, which is bad,
- ;; but it is what Mosaic uses/used.
- ;; So it's not Emacs's problem. http://bugs.debian.org/747100
- (find-file (format "/tmp/Mosaic.%d" pid))
- (erase-buffer)
- (insert (if (browse-url-maybe-new-window new-window)
- "newwin\n"
- "goto\n")
- url "\n")
- (save-buffer)
- (kill-buffer nil)
+ (with-temp-buffer
+ (insert-file-contents pidfile)
+ (setq pid (read (current-buffer)))))
+ (if (and (integerp pid) (zerop (signal-process pid 0))) ; Mosaic running
+ (progn
+ (with-temp-buffer
+ (insert (if (browse-url-maybe-new-window new-window)
+ "newwin\n"
+ "goto\n")
+ url "\n")
+ (if (file-exists-p (setq pidfile (format "/tmp/Mosaic.%d" pid)))
+ (delete-file pidfile))
+ ;; http://debbugs.gnu.org/17428. Use O_EXCL.
+ (write-region nil nil pidfile nil 'silent nil 'excl))
;; Send signal SIGUSR to Mosaic
(message "Signaling Mosaic...")
(signal-process pid 'SIGUSR1)
;; Or you could try:
;; (call-process "kill" nil 0 nil "-USR1" (int-to-string pid))
- (message "Signaling Mosaic...done")
- )
+ (message "Signaling Mosaic...done"))
;; Mosaic not running - start it
(message "Starting %s..." browse-url-mosaic-program)
(apply 'start-process "xmosaic" nil browse-url-mosaic-program
View Lorry Controller Status