Use non-predictable filename for downloaded patch file

Since the /tmp directory is readable by everybody on Unix, and since the patch name could be public or easy to guess, a attacker could create a symlink to a file writable by the user running hub, which would be replaced by the patch. This has been assigned CVE-2014-0177

Use non-predictable filename for downloaded patch file
Since the /tmp directory is readable by everybody on Unix, and since the patch name could be public or easy to guess, a attacker could create a symlink to a file writable by the user running hub, which would be replaced by the patch. This has been assigned CVE-2014-0177
016ec99d · Michael Scherer · Mislav Marohnić · 8150ddb8 · 016ec99d · 016ec99d
隐藏空白更改
内联并排

Showing with 1 addition and 5 deletion

lib/hub/commands.rb lib/hub/commands.rb +1 -1

lib/hub/context.rb lib/hub/context.rb +0 -4

未找到文件。
--- a/lib/hub/commands.rb
+++ b/lib/hub/commands.rb
@@ -519,7 +519,7 @@ module Hub
          end
        end

-        patch_file = File.join(tmp_dir, patch_name)
+        patch_file = Tempfile.new('patch_name')
        File.open(patch_file, 'w') { |file| file.write(patch) }
        args[idx] = patch_file
      end

--- a/lib/hub/context.rb
+++ b/lib/hub/context.rb
@@ -556,10 +556,6 @@ module Hub
        !which(name).nil?
      end

-      def tmp_dir
-        ENV['TMPDIR'] || ENV['TEMP'] || '/tmp'
-      end
-
      def terminal_width
        if unix?
          width = %x{stty size 2>#{NULL}}.split[1].to_i