nedit/nedit-5.5CVS-security.patch
Ismail Dönmez f24de0b229 Accepting request 139490 from home:dstoecker
I have been doing an updated nedit version for several years now. It is based on the latest CVS, which is evolving very slowly, and obsoletes most of the patches. I suggest using this version instead of the current one.

Also, it is bad style to link from a non-home project to a home project. editors/nedit should be the base, not the other way round.

I checked all in-between changes in the other packages today and I'm pretty sure that this version is more recent in every detail.

OBS-URL: https://build.opensuse.org/request/show/139490
OBS-URL: https://build.opensuse.org/package/show/editors/nedit?expand=0&rev=7
2012-11-13 13:37:37 +00:00

diff -ur nedit-5.5_CVS20100831/source/file.c nedit-5.5_CVS20100831_f/source/file.c
--- nedit-5.5_CVS20100831/source/file.c 2010-08-31 18:47:59.000000000 +0200
+++ nedit-5.5_CVS20100831_f/source/file.c 2010-08-31 18:50:03.000000000 +0200
@@ -1372,7 +1372,7 @@
*/
void PrintString(const char *string, int length, Widget parent, const char *jobName)
{
- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
+ char *tmpFileName=strdup("/tmp/neditXXXXXX");
FILE *fp;
int fd;
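Review bot: The strdup() result assigned to tmpFileName in the declaration is never checked for NULL, and the next hunk passes it straight to mkstemp(), which writes into that buffer. A stack array such as char tmpFileName[] = "/tmp/neditXXXXXX"; would remove the allocation failure case and make the free() calls added on each exit path unnecessary.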
@@ -1383,14 +1383,10 @@
1. Create a filename
2. Open the file with the O_CREAT|O_EXCL flags
So all an attacker can do is a DoS on the print function. */
- tmpnam(tmpFileName);
+ fd = mkstemp(tmpFileName);
/* open the temporary file */
-#ifdef VMS
- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
-#else
- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
-#endif /* VMS */
+ if ((fp = fdopen(fd, "w")) == NULL)
{
DialogF(DF_WARN, parent, 1, "Error while Printing",
"Unable to write file for printing:\n%s", "OK",
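Review bot: The return value of mkstemp() is not checked before it is handed to fdopen(fd, "w") in the rewritten if condition, so a failed mkstemp() is only caught indirectly when fdopen() rejects -1 and the real cause is lost. Test it explicitly, for example if (fd < 0 || (fp = fdopen(fd, "w")) == NULL), and when fdopen() fails on a valid descriptor, close(fd) and remove the file mkstemp() already created. None of the free() calls added later in this patch falls inside this error branch, so tmpFileName leaks here if the branch returns. The comment above ("So all an attacker can do is a DoS on the print function") still describes the old tmpnam() plus O_CREAT|O_EXCL sequence and should be updated to match mkstemp().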
@@ -1404,7 +1400,7 @@
/* write to the file */
#ifdef IBM_FWRITE_BUG
- write(fileno(fp), string, length);
+ write(fd, string, length);
#else
fwrite(string, sizeof(char), length, fp);
#endif
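Review bot: The write(fd, string, length) call in the IBM_FWRITE_BUG branch ignores its return value, so a short write or an error such as a full disk silently truncates the print job. Loop until length bytes are written or write() returns -1, and report the failure the way the other error paths in this function do.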
@@ -1414,6 +1410,7 @@
"%s not printed:\n%s", "OK", jobName, errorString());
fclose(fp); /* should call close(fd) in turn! */
remove(tmpFileName);
+ free(tmpFileName);
return;
}
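Review bot: free(tmpFileName) after remove(tmpFileName) is now repeated on three separate return paths (this hunk and the two that follow), which is easy to miss when another exit is added. A single cleanup label at the end of the function, or a stack buffer for the template, would remove the duplication.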
@@ -1424,6 +1421,7 @@
"Error closing temp. print file:\n%s", "OK",
errorString());
remove(tmpFileName);
+ free(tmpFileName);
return;
}
@@ -1435,6 +1433,7 @@
PrintFile(parent, tmpFileName, jobName);
remove(tmpFileName);
#endif /*VMS*/
+ free(tmpFileName);
return;
}
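Review bot: The #endif /*VMS*/ just before the added free() shows the function still carries a VMS conditional, while the earlier hunk deleted the VMS fopen() variant and the template is hard-coded to /tmp/neditXXXXXX with mkstemp(). Either keep a VMS path for creating the file or drop the remaining VMS conditionals so the function is consistent.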