62 lines
1.8 KiB
Diff
62 lines
1.8 KiB
Diff
--- nedit-5.4/source/file.c.security 2003-09-28 16:18:12.000000000 +0200
|
|
+++ nedit-5.4/source/file.c 2004-03-17 15:25:31.000000000 +0100
|
|
@@ -1218,7 +1218,7 @@
|
|
*/
|
|
void PrintString(const char *string, int length, Widget parent, const char *jobName)
|
|
{
|
|
- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
|
|
+ char *tmpFileName=strdup("/tmp/neditXXXXXX");
|
|
FILE *fp;
|
|
int fd;
|
|
|
|
@@ -1229,14 +1229,10 @@
|
|
1. Create a filename
|
|
2. Open the file with the O_CREAT|O_EXCL flags
|
|
So all an attacker can do is a DoS on the print function. */
|
|
- tmpnam(tmpFileName);
|
|
+ fd = mkstemp(tmpFileName);
|
|
|
|
/* open the temporary file */
|
|
-#ifdef VMS
|
|
- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
|
|
-#else
|
|
- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
|
|
-#endif /* VMS */
|
|
+ if ((fp = fdopen(fd, "w")) == NULL)
|
|
{
|
|
DialogF(DF_WARN, parent, 1, "Error while Printing",
|
|
"Unable to write file for printing:\n%s", "Dismiss",
|
|
@@ -1250,7 +1246,7 @@
|
|
|
|
/* write to the file */
|
|
#ifdef IBM_FWRITE_BUG
|
|
- write(fileno(fp), string, length);
|
|
+ write(fd, string, length);
|
|
#else
|
|
fwrite(string, sizeof(char), length, fp);
|
|
#endif
|
|
@@ -1260,6 +1256,7 @@
|
|
"%s not printed:\n%s", "Dismiss", jobName, errorString());
|
|
fclose(fp); /* should call close(fd) in turn! */
|
|
remove(tmpFileName);
|
|
+ free(tmpFileName);
|
|
return;
|
|
}
|
|
|
|
@@ -1270,6 +1267,7 @@
|
|
"Error closing temp. print file:\n%s", "Dismiss",
|
|
errorString());
|
|
remove(tmpFileName);
|
|
+ free(tmpFileName);
|
|
return;
|
|
}
|
|
|
|
@@ -1281,6 +1279,7 @@
|
|
PrintFile(parent, tmpFileName, jobName);
|
|
remove(tmpFileName);
|
|
#endif /*VMS*/
|
|
+ free(tmpFileName);
|
|
return;
|
|
}
|
|
|