47 lines
1.8 KiB
Diff
47 lines
1.8 KiB
Diff
From 3fdff274c40795ad6a24891066358aa7a3953962 Mon Sep 17 00:00:00 2001
|
|
From: Matthias Gerstner <matthias.gerstner@suse.de>
|
|
Date: Tue, 22 Aug 2023 14:28:33 +0200
|
|
Subject: [PATCH] cadence.py: wine ASIO settings: use safe tempfile
|
|
|
|
This fixed tempfile path poses a security issue that even might allow
|
|
other users on the system to inject arbitrary wine registry settings, if
|
|
protect_symlinks and protect_regular kernel protection is not enabled.
|
|
|
|
Use a proper NamedTemporaryFile to pass the data to regedit to fix this.
|
|
---
|
|
src/cadence.py | 11 ++++++-----
|
|
1 file changed, 6 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/src/cadence.py b/src/cadence.py
|
|
index 714e2d6..fddadfb 100755
|
|
--- a/src/cadence.py
|
|
+++ b/src/cadence.py
|
|
@@ -47,6 +47,8 @@ from shared_settings import *
|
|
# Import getoutput
|
|
|
|
from subprocess import getoutput
|
|
+import tempfile
|
|
+import subprocess
|
|
|
|
# ------------------------------------------------------------------------------------------------------------
|
|
# Try Import DBus
|
|
@@ -2095,11 +2097,10 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):
|
|
REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2)
|
|
REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4)
|
|
|
|
- writeFile = open("/tmp/cadence-wineasio.reg", "w")
|
|
- writeFile.write(REGFILE)
|
|
- writeFile.close()
|
|
-
|
|
- os.system("regedit /tmp/cadence-wineasio.reg")
|
|
+ with tempfile.NamedTemporaryFile('w') as tmpfile:
|
|
+ tmpfile.write(REGFILE)
|
|
+ tmpfile.flush()
|
|
+ subprocess.run(["regedit", tmpfile.name])
|
|
|
|
self.settings_changed_types = []
|
|
self.frame_tweaks_settings.setVisible(False)
|
|
--
|
|
2.41.0
|
|
|