2012-11-13 14:37:37 +01:00
|
|
|
diff -ur nedit-5.5_CVS20100831/source/file.c nedit-5.5_CVS20100831_f/source/file.c
|
|
|
|
|
--- nedit-5.5_CVS20100831/source/file.c 2010-08-31 18:47:59.000000000 +0200
|
|
|
|
|
+++ nedit-5.5_CVS20100831_f/source/file.c 2010-08-31 18:50:03.000000000 +0200
|
|
|
|
|
@@ -1372,7 +1372,7 @@
|
2007-07-02 14:40:15 +02:00
|
|
|
*/
|
|
|
|
|
void PrintString(const char *string, int length, Widget parent, const char *jobName)
|
|
|
|
|
{
|
|
|
|
|
- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
|
|
|
|
|
+ char *tmpFileName=strdup("/tmp/neditXXXXXX");
|
|
|
|
|
FILE *fp;
|
|
|
|
|
int fd;
|
|
|
|
|
|
2012-11-13 14:37:37 +01:00
|
|
|
@@ -1383,14 +1383,10 @@
|
2007-07-02 14:40:15 +02:00
|
|
|
1. Create a filename
|
|
|
|
|
2. Open the file with the O_CREAT|O_EXCL flags
|
|
|
|
|
So all an attacker can do is a DoS on the print function. */
|
|
|
|
|
- tmpnam(tmpFileName);
|
|
|
|
|
+ fd = mkstemp(tmpFileName);
|
|
|
|
|
|
|
|
|
|
/* open the temporary file */
|
|
|
|
|
-#ifdef VMS
|
|
|
|
|
- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
|
|
|
|
|
-#else
|
|
|
|
|
- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
|
|
|
|
|
-#endif /* VMS */
|
|
|
|
|
+ if ((fp = fdopen(fd, "w")) == NULL)
|
|
|
|
|
{
|
|
|
|
|
DialogF(DF_WARN, parent, 1, "Error while Printing",
|
2010-12-02 17:56:24 +01:00
|
|
|
"Unable to write file for printing:\n%s", "OK",
|
2012-11-13 14:37:37 +01:00
|
|
|
@@ -1404,7 +1400,7 @@
|
2007-07-02 14:40:15 +02:00
|
|
|
|
|
|
|
|
/* write to the file */
|
|
|
|
|
#ifdef IBM_FWRITE_BUG
|
|
|
|
|
- write(fileno(fp), string, length);
|
|
|
|
|
+ write(fd, string, length);
|
|
|
|
|
#else
|
|
|
|
|
fwrite(string, sizeof(char), length, fp);
|
|
|
|
|
#endif
|
2012-11-13 14:37:37 +01:00
|
|
|
@@ -1414,6 +1410,7 @@
|
2010-12-02 17:56:24 +01:00
|
|
|
"%s not printed:\n%s", "OK", jobName, errorString());
|
2007-07-02 14:40:15 +02:00
|
|
|
fclose(fp); /* should call close(fd) in turn! */
|
|
|
|
|
remove(tmpFileName);
|
|
|
|
|
+ free(tmpFileName);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 14:37:37 +01:00
|
|
|
@@ -1424,6 +1421,7 @@
|
2010-12-02 17:56:24 +01:00
|
|
|
"Error closing temp. print file:\n%s", "OK",
|
2007-07-02 14:40:15 +02:00
|
|
|
errorString());
|
|
|
|
|
remove(tmpFileName);
|
|
|
|
|
+ free(tmpFileName);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 14:37:37 +01:00
|
|
|
@@ -1435,6 +1433,7 @@
|
2007-07-02 14:40:15 +02:00
|
|
|
PrintFile(parent, tmpFileName, jobName);
|
|
|
|
|
remove(tmpFileName);
|
|
|
|
|
#endif /*VMS*/
|
|
|
|
|
+ free(tmpFileName);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
