>From 1cad37216d4046f8d345dd34f6c40906b169577a Mon Sep 17 00:00:00 2001
From: "Aaron W. Hsu" <arcf...@sacrideo.us>
Date: Mon, 6 Aug 2012 18:01:19 -0400
Subject: [PATCH 1/2] Use mkstemp() instead of tmpnam() to avoid bad
 interactions

---
 cde/lib/DtSvc/DtUtil1/MMDb.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/cde/lib/DtSvc/DtUtil1/MMDb.c b/cde/lib/DtSvc/DtUtil1/MMDb.c
index 20a9260..20d830d 100644
--- a/cde/lib/DtSvc/DtUtil1/MMDb.c
+++ b/cde/lib/DtSvc/DtUtil1/MMDb.c
@@ -679,14 +679,26 @@ write_db(DtDtsMMHeader *header, void *index, int size, 
const char *CacheFile)
        /* are on different file systems.  Use tmpnam(3) to create the */
        /* unique file name instead. */
        char tmpnam_buf[L_tmpnam + 1];
-
+       
+       if ((tmpfile = malloc(sizeof(_DTDTSMMTEMPDIR) +
+           sizeof(_DTDTSMMTEMPFILE) + 7)) == NULL) {
+               _DtSimpleError(DtProgName, DtError, NULL, tmpfile, NULL);
+               return 0;
+       }
+       
+       sprintf(tmpfile, "%s/%sXXXXXX", _DTDTSMMTEMPDIR, _DTDTSMMTEMPFILE);
+       fd = mkstemp(tmpfile);
+       
+       /*
        tmpfile = (char *)malloc(sizeof(_DTDTSMMTEMPDIR) +
                                 sizeof(_DTDTSMMTEMPFILE) + L_tmpnam + 3);
+       
        tmpnam(tmpnam_buf);
        sprintf(tmpfile, "%s/%s%s", _DTDTSMMTEMPDIR, _DTDTSMMTEMPFILE,
                basename(tmpnam_buf));
 
        fd  = open(tmpfile, O_RDWR|O_CREAT, 0600);
+       */
        umask(cmask);
 
        if(fd ==  -1)
-- 
Aaron W. Hsu | arcf...@sacrideo.us | http://www.sacrideo.us
Programming is just another word for the lost art of thinking.

Aaron W. Hsu | arcf...@sacrideo.us | http://www.sacrideo.us
Programming is just another word for the lost art of thinking.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel

Reply via email to