From b5f03b15f606a644eeeb1ac3fcd35fd5141ea65b Mon Sep 17 00:00:00 2001
From: Brian Feldman <green@FreeBSD.org>
Date: Fri, 30 Jun 2000 04:21:53 +0000
Subject: Fix EsounD daemon and library insecurities noted on BugTraq. Instead
 of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/. Also, the
 ~/.esd/socket of course needs only be 0644.

Two macros had to be backed up by functions which returned a static
buffer.  These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.

The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases.  It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.

Approved by:    Security Officer Kris
Noticed by:     Stan Bubrouski <satan@FASTDIAL.NET>
---
 audio/esound/files/patch-ad | 46 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 audio/esound/files/patch-ad

(limited to 'audio/esound/files/patch-ad')

diff --git a/audio/esound/files/patch-ad b/audio/esound/files/patch-ad
new file mode 100644
index 000000000000..9d85c98df16a
--- /dev/null
+++ b/audio/esound/files/patch-ad
@@ -0,0 +1,46 @@
+--- esdlib.c.orig	Thu Jun 29 23:31:04 2000
++++ esdlib.c	Thu Jun 29 23:31:21 2000
+@@ -19,6 +19,8 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <pwd.h>
++#include <limits.h>
+ 
+ #include <sys/un.h>
+ 
+@@ -1421,4 +1423,34 @@
+     */
+ 
+     return close( esd );
++}
++
++char *
++esd_unix_socket_dir(void) {
++	static char *sockdir = NULL, sockdirbuf[PATH_MAX];
++	struct passwd *pw;
++
++	if (sockdir != NULL)
++		return (sockdir);
++	pw = getpwuid(getuid());
++	if (pw == NULL || pw->pw_dir == NULL) {
++		fprintf(stderr, "esd: could not find home directory\n");
++		exit(1);
++	}
++	snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
++	endpwent();
++	sockdir = sockdirbuf;
++	return (sockdir);
++}
++
++char *
++esd_unix_socket_name(void) {
++	static char *sockname = NULL, socknamebuf[PATH_MAX];
++
++	if (sockname != NULL)
++		return (sockname);
++	snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
++	    esd_unix_socket_dir());
++	sockname = socknamebuf;
++	return (sockname);
+ }
-- 
cgit v1.2.3