I guess this is pure paranoia... but should not the return value of mkstemp be sanity-checked, e.g. like:

    int j;
    sprintf(tempFilename,"%sgv_%s.%s.XXXXXX",tmpDirBuf,tmpName,tmpExt);
    file_translateTildeInPath(tempFilename);
    no_such_file = 1;
    j = mkstemp(tempFilename);
    if (j == -1) {
        exit(1);
    }
    close(j);

otherwise an attacker may create some exceptional condition (disk full, or partition out of inodes maybe) so mkstemp will fail... and return some (maybe even predictable) tempFilename which will be passed on the command-line to gs.

Thanks, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia
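
The check suggested in the message above, as an added, self-contained example (not part of the original mail and not gv's code): the buffer is emptied whenever mkstemp() fails, so a name that was never created cannot be passed on to another program. The helper name make_temp_checked, the demo functions and the paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not gv code): build <dir>/gv_<name>.<ext>.XXXXXX and
 * create it with mkstemp(). Returns 0 on success; on any failure returns -1
 * and empties path, so a name we did not create can never reach a caller. */
int make_temp_checked(char *path, size_t len, const char *dir,
                      const char *name, const char *ext)
{
    int n = snprintf(path, len, "%s/gv_%s.%s.XXXXXX", dir, name, ext);
    if (n < 0 || (size_t)n >= len) {        /* template was truncated */
        if (len) path[0] = '\0';
        return -1;
    }
    int fd = mkstemp(path);
    if (fd == -1) {                         /* errno still holds the cause */
        path[0] = '\0';
        return -1;
    }
    close(fd);                              /* file exists, mode 0600 */
    return 0;
}

/* Constructed failure: a missing directory stands in for disk-full etc. */
int demo_failure(void)
{
    char path[256];
    int rc = make_temp_checked(path, sizeof path, "/nonexistent-demo-dir", "doc", "ps");
    return rc == -1 && path[0] == '\0';
}

/* Success: the returned name refers to a file that really exists. */
int demo_success(void)
{
    char path[256];
    if (make_temp_checked(path, sizeof path, "/tmp", "doc", "ps") != 0) return 0;
    int ok = access(path, F_OK) == 0;
    unlink(path);                           /* clean up the demo file */
    return ok;
}

int main(void)
{
    printf("failure handled: %d, success handled: %d\n", demo_failure(), demo_success());
    return 0;
}
```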