phantom/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-01-25 18:52:58 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix CVE-2016-5026

Browse source 
See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
on a potential convoluted attack. Basically,  /tmp/onionshare is
a predictable name, which mean that a local attacker
could precreate it on a shared server and later mess with the hidden
service operations in various way.
This commit is contained in:
Michael Scherer 2016-05-23 20:45:07 +02:00
parent 9bfde7dfcc
commit 70c55511b1
1 changed files with 5 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
onionshare/hs.py
View file

@ -102,16 +102,7 @@ class HS(object):
self.hidserv_dir = self.hidserv_dir.replace('\\', '/')
else:
path = '/tmp/onionshare'
try:
if not os.path.exists(path):
os.makedirs(path, 0o700)
except:
raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
if not os.access(path, os.W_OK):
raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
self.hidserv_dir = tempfile.mkdtemp(dir=path)
self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')
self.cleanup_filenames.append(self.hidserv_dir)
@ -233,17 +224,17 @@ class HS(object):
'80 127.0.0.1:33302'
],
'HiddenServiceDir': [
'/tmp/onionshare/tmplTfZZu',
'/tmp/onionshare/tmpchDai3'
'/tmp/onionsharelTfZZu',
'/tmp/onionsharechDai3'
]
}
Output will look like this:
[
('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
('HiddenServiceDir', '/tmp/onionsharelTfZZu'),
('HiddenServicePort', '80 127.0.0.1:47906'),
('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
('HiddenServiceDir', '/tmp/onionsharechDai3'),
('HiddenServicePort', '80 127.0.0.1:33302')
]
"""