OpenCC // Patch vulnerabilities in cpp and py script.

2022-04-18 16:39:54 +08:00 · 2022-04-18 16:39:54 +08:00 · 4e76b791d8
parent a5540bde0a
commit 4e76b791d8
2 changed files with 24 additions and 6 deletions
--- a/Packages/SwiftyOpenCC/OpenCC/data/scripts/sort.py
+++ b/Packages/SwiftyOpenCC/OpenCC/data/scripts/sort.py
@ -6,14 +6,14 @@ from common import sort_items

 if len(sys.argv) < 2:
    print("Sort the dictionary")
-    print(("Usage: ", sys.argv[0], "[input] ([output])"))
+    print(("Usage: ", sys.argv[0], "[inputVal] ([outputVal])"))
    exit(1)

-input = sys.argv[1]
+inputVal = sys.argv[1]

 if len(sys.argv) < 3:
-    output = input
+    outputVal = inputVal
 else:
-    output = sys.argv[2]
+    outputVal = sys.argv[2]

-sort_items(input, output)
+sort_items(inputVal, outputVal)
--- a/Packages/SwiftyOpenCC/OpenCC/src/tools/CommandLine.cpp
+++ b/Packages/SwiftyOpenCC/OpenCC/src/tools/CommandLine.cpp
@ -100,8 +100,26 @@ void Convert(std::string fileName)
    if (!outputFileName.IsNull() && fileName == outputFileName.Get())
    {
        // Special case: input == output
-        const std::string tempFileName = std::tmpnam(nullptr);
        std::ifstream src(fileName, std::ios::binary);
+
+        std::string tempFileName = std::getenv("TMPDIR");
+#ifdef P_tmpdir
+        if (tempFileName.empty())
+        {
+            tempFileName = P_tmpdir;
+        }
+#endif
+        if (tempFileName.empty())
+        {
+            tempFileName = "/tmp";
+        }
+        tempFileName += "/openccXXXXXX";
+        int fd = mkstemp(const_cast<char *>(tempFileName.c_str()));
+        if (fd == 0)
+        {
+            throw FileNotWritable(tempFileName);
+        }
+
        std::ofstream dst(tempFileName, std::ios::binary);
        dst << src.rdbuf();
        dst.close();