From a9b67dc67579539436f49b7835d21abe870b1564 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Wed, 3 May 2017 09:47:35 +0200
Subject: Reinitialize temporary files to prevent possible symlink attack -
 CVE-2017-8108

---
 include/tests_webservers | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'include/tests_webservers')

diff --git a/include/tests_webservers b/include/tests_webservers
index 597d1066..580e831e 100644
--- a/include/tests_webservers
+++ b/include/tests_webservers
@@ -358,8 +358,9 @@
     if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for additional nginx configuration files"
     if [ ${SKIPTEST} -eq 0 ]; then
-        # Remove temp file
-        if [ ! -z "${TMPFILE}" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+        CreateTempFile || ExitFatal
+        TMPFILE="${TEMP_FILE}"
+
         COUNT=0
         ${SEDBINARY} -e 's/^[ 	]*//' ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[	]/ /g' | ${SEDBINARY} 's/  / /g' | ${SEDBINARY} 's/  / /g' >> ${TMPFILE}
         # Search for included configuration files (may include directories and wild cards)
-- 
cgit v1.2.3