avoid temp dir vulnerabilities

nextcloud · May 9, 2018 · 36f4c6f · 36f4c6f
1 parent a0b8c49
commit 36f4c6f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 11 deletions.
diff --git a/bin/ncp-check-version b/bin/ncp-check-version
@@ -2,14 +2,15 @@
 
 # update latest available version in /var/run/.ncp-latest-version
 
-rm -rf /tmp/ncp-check-tmp
+TMPDIR="$( mktemp -d /tmp/ncp-check.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )"
+trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15
 
-git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-check-tmp || {
+git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || {
   echo "The git clone command failed: No connectivity to https://github.com ?"
   exit 1
 }
 
-cd /tmp/ncp-check-tmp || exit 1
+cd "$TMPDIR" || exit 1
 VER=$( git describe --always --tags | grep -oP "v\d+\.\d+\.\d+" )
 grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && {       # check format
   echo "$VER" > /var/run/.ncp-latest-version
@@ -22,5 +23,3 @@ grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && {       # check format
     sed 's|* \[tag: |[|' > /usr/local/etc/ncp-changelog
 }
 cd / || exit 1
-
-rm -rf /tmp/ncp-check-tmp
diff --git a/bin/ncp-update b/bin/ncp-update
@@ -8,14 +8,15 @@
   BRANCH="${1:-master}"
   [[ "$BRANCH" != "master" ]] && echo "INFO: updating to development branch '$BRANCH'"
 
-  echo -e "Downloading updates"
-  rm -rf /tmp/ncp-update-tmp
+  TMPDIR="$( mktemp -d /tmp/ncp-update.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )"
+  trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15
 
-  git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-update-tmp || {
+  echo -e "Downloading updates"
+  git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || {
     echo "No internet connectivity"
     exit 1
   }
-  cd /tmp/ncp-update-tmp
+  cd "$TMPDIR"
 
   echo -e "Performing updates"
   ./update.sh && {
@@ -36,7 +37,6 @@
   }
 
   cd /
-  rm -rf /tmp/ncp-update-tmp
 
   exit 
 } # force to read the whole thing into memory, as its contents might change in update.sh
diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,7 @@
 
-[v0.54.3](https://github.com/nextcloud/nextcloudpi/commit/921b583) (2018-05-03) nc-datadir: avoid using occ for faster execution
+[v0.54.4](https://github.com/nextcloud/nextcloudpi/commit/36fed66) (2018-05-09) avoid temp dir vulnerabilities
+
+[v0.54.3 ](https://github.com/nextcloud/nextcloudpi/commit/66dfbd0) (2018-05-03) nc-datadir: avoid using occ for faster execution
 
 [v0.54.2 ](https://github.com/nextcloud/nextcloudpi/commit/ebfb7f1) (2018-05-03) samba: restart after configuration change