2002-06-13 01:44:57 -04:00
|
|
|
$OpenBSD: patch-source_file_c,v 1.3 2002/06/13 05:44:57 form Exp $
|
|
|
|
|
--- source/file.c.orig Sat Mar 2 23:02:22 2002
|
|
|
|
|
+++ source/file.c Thu Jun 13 12:41:13 2002
|
|
|
|
|
@@ -1066,7 +1066,12 @@ void PrintWindow(WindowInfo *window, int
|
2000-06-09 16:10:30 -04:00
|
|
|
*/
|
2001-10-31 03:03:18 -05:00
|
|
|
void PrintString(const char *string, int length, Widget parent, const char *jobName)
|
2000-06-09 16:10:30 -04:00
|
|
|
{
|
|
|
|
|
+#ifdef HAVE_MKSTEMP
|
|
|
|
|
+ static char template[] = "/var/tmp/nedit-XXXXXXXXXX";
|
|
|
|
|
+ char tmpFileName[sizeof(template)];
|
|
|
|
|
+#else
|
|
|
|
|
char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
|
|
|
|
|
+#endif
|
|
|
|
|
FILE *fp;
|
2001-10-31 03:03:18 -05:00
|
|
|
int fd;
|
2000-06-09 16:10:30 -04:00
|
|
|
|
2002-06-13 01:44:57 -04:00
|
|
|
@@ -1077,6 +1082,10 @@ void PrintString(const char *string, int
|
2001-10-31 03:03:18 -05:00
|
|
|
1. Create a filename
|
|
|
|
|
2. Open the file with the O_CREAT|O_EXCL flags
|
|
|
|
|
So all an attacker can do is a DoS on the print function. */
|
2000-06-09 16:10:30 -04:00
|
|
|
+#ifdef HAVE_MKSTEMP
|
|
|
|
|
+ strcpy(tmpFileName, template);
|
2002-06-13 01:44:57 -04:00
|
|
|
+ if ((fd = mkstemp(tmpFileName)) < 0 || (fp = fdopen(fd, "w")) == NULL)
|
2000-06-09 16:10:30 -04:00
|
|
|
+#else
|
|
|
|
|
tmpnam(tmpFileName);
|
|
|
|
|
|
2001-10-31 03:03:18 -05:00
|
|
|
/* open the temporary file */
|
2002-06-13 01:44:57 -04:00
|
|
|
@@ -1085,6 +1094,7 @@ void PrintString(const char *string, int
|
2000-06-09 16:10:30 -04:00
|
|
|
#else
|
2002-06-13 01:44:57 -04:00
|
|
|
if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
|
2000-06-09 16:10:30 -04:00
|
|
|
#endif /* VMS */
|
|
|
|
|
+#endif /* HAVE_MKSTEMP */
|
2002-06-13 01:44:57 -04:00
|
|
|
{
|
2000-06-09 16:10:30 -04:00
|
|
|
DialogF(DF_WARN, parent, 1, "Unable to write file for printing:\n%s",
|
|
|
|
|
"Dismiss", errorString());
|
