bug-gnu-utils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

temp file creation bug in diffutils 2.7

From: Greg KH
Subject: temp file creation bug in diffutils 2.7
Date: Wed, 27 Dec 2000 15:03:50 -0800
User-agent: Mutt/1.2.5i 
In the diffutils 2.7 package, the sdiff program creates temp files in an
insecure manner.  Below is a small patch that seems to fix the problem.
This was found when building the latest version of Immunix Linux and we
would like to release an updated package soon.

Comments are appreciated.

thanks,

greg k-h


--- sdiff.c.original    Wed Dec 27 06:33:26 2000
+++ sdiff.c     Wed Dec 27 06:31:27 2000
@@ -935,13 +935,19 @@
        case 'q':
          return 0;
        case 'e':
-         if (! tmpname && ! (tmpname = private_tempnam ()))
-           perror_fatal ("temporary file name");
+         {
+           int fd;
+           FILE *tmp;
+           char tmpname[20];
 
-         tmpmade = 1;
+           strcpy (&tmpname[0], "/tmp/sdiffXXXXXX");
+           
+           if (! tmpname && ! (fd = mkstemp (tmpname)))
+             perror_fatal ("temporary file name");
 
-         {
-           FILE *tmp = ck_fopen (tmpname, "w+");
+           tmpmade = 1;
+
+           tmp = fdopen (fd, "w+");
 
            if (cmd1 == 'l' || cmd1 == 'b')
              lf_copy (left, lenl, tmp);


-- 
greg@(kroah|wirex).com
http://immunix.org/~greg
reply via email to
[Prev in Thread] Current Thread [Next in Thread]