This patch fixes an issues where temporary files were created in an insecure way. It was first intruduced in version 3.8.3-7 and fixes http://bugs.debian.org/438540 --- a/src/tag_file.cpp +++ b/src/tag_file.cpp @@ -242,8 +242,8 @@ strcpy(sTempFile, filename.c_str()); strcat(sTempFile, sTmpSuffix.c_str()); -#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) - // This section is for Windows folk && gcc 3.x folk +#if !defined(HAVE_MKSTEMP) + // This section is for Windows folk fstream tmpOut; createFile(sTempFile, tmpOut); @@ -257,7 +257,7 @@ tmpOut.write((char *)tmpBuffer, nBytes); } -#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +#else //!defined(HAVE_MKSTEMP) // else we gotta make a temp file, copy the tag into it, copy the // rest of the old file after the tag, delete the old file, rename @@ -270,7 +270,7 @@ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); } - ofstream tmpOut(fd); + ofstream tmpOut(sTempFile); if (!tmpOut) { tmpOut.close(); @@ -285,14 +285,14 @@ uchar tmpBuffer[BUFSIZ]; while (file) { - file.read(tmpBuffer, BUFSIZ); + file.read((char *)tmpBuffer, BUFSIZ); size_t nBytes = file.gcount(); - tmpOut.write(tmpBuffer, nBytes); + tmpOut.write((char *)tmpBuffer, nBytes); } close(fd); //closes the file -#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +#endif ////!defined(HAVE_MKSTEMP) tmpOut.close(); file.close();