diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2017-05-03 10:47:35 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-05-03 10:47:35 +0300 |
| commit | a9b67dc67579539436f49b7835d21abe870b1564 (patch) | |
| tree | e707ce591bc7b487aa9ea9740cf84b179fa666e9 | |
| parent | 67333bb09a03b08085015daf4bce90ed5c86cc0b (diff) | |
Reinitialize temporary files to prevent possible symlink attack - CVE-2017-8108
| -rw-r--r-- | include/tests_webservers | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/tests_webservers b/include/tests_webservers index 597d1066..580e831e 100644 --- a/include/tests_webservers +++ b/include/tests_webservers @@ -358,8 +358,9 @@ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for additional nginx configuration files" if [ ${SKIPTEST} -eq 0 ]; then - # Remove temp file - if [ ! -z "${TMPFILE}" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi + CreateTempFile || ExitFatal + TMPFILE="${TEMP_FILE}" + COUNT=0 ${SEDBINARY} -e 's/^[ ]*//' ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE} # Search for included configuration files (may include directories and wild cards) |