[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
temp file creation bug in diffutils 2.7
From: |
Greg KH |
Subject: |
temp file creation bug in diffutils 2.7 |
Date: |
Wed, 27 Dec 2000 15:03:50 -0800 |
User-agent: |
Mutt/1.2.5i |
In the diffutils 2.7 package, the sdiff program creates temp files in an
insecure manner. Below is a small patch that seems to fix the problem.
This was found when building the latest version of Immunix Linux and we
would like to release an updated package soon.
Comments are appreciated.
thanks,
greg k-h
--- sdiff.c.original Wed Dec 27 06:33:26 2000
+++ sdiff.c Wed Dec 27 06:31:27 2000
@@ -935,13 +935,19 @@
case 'q':
return 0;
case 'e':
- if (! tmpname && ! (tmpname = private_tempnam ()))
- perror_fatal ("temporary file name");
+ {
+ int fd;
+ FILE *tmp;
+ char tmpname[20];
- tmpmade = 1;
+ strcpy (&tmpname[0], "/tmp/sdiffXXXXXX");
+
+ if (! tmpname && ! (fd = mkstemp (tmpname)))
+ perror_fatal ("temporary file name");
- {
- FILE *tmp = ck_fopen (tmpname, "w+");
+ tmpmade = 1;
+
+ tmp = fdopen (fd, "w+");
if (cmd1 == 'l' || cmd1 == 'b')
lf_copy (left, lenl, tmp);
--
greg@(kroah|wirex).com
http://immunix.org/~greg
- temp file creation bug in diffutils 2.7,
Greg KH <=