--- f_readeps.c +++ f_readeps.c 2007-05-07 15:27:12.135432181 +0200 @@ -250,11 +250,10 @@ bitmap_from_gs(file, filetype, pic, urx, int urx, llx, ury, lly; int pdf_flag; { - static tempseq = 0; char buf[300]; FILE *tmpfp, *pixfile, *gsfile; char *psnam, *driver; - int status, wid, ht, nbitmap; + int status, wid, ht, nbitmap, fd; char tmpfile[PATH_MAX], pixnam[PATH_MAX], errnam[PATH_MAX], @@ -270,8 +269,12 @@ bitmap_from_gs(file, filetype, pic, urx, /* re-open the pipe */ close_picfile(file, filetype); file = open_picfile(tmpfile, &filetype, PIPEOK, pixnam); - sprintf(tmpfile, "%s/%s%06d", TMPDIR, "xfig-eps", getpid()); - if ((tmpfp = fopen(tmpfile, "wb")) == NULL) { + snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-eps.XXXXXX", TMPDIR); + if ((fd = mkstemp(tmpfile)) == -1 || (tmpfp = fdopen(fd, "wb")) == NULL) { + if (fd != -1) { + unlink(tmpfile); + close(fd); + } file_msg("Couldn't open tmp file %s, %s", tmpfile, strerror(errno)); return False; } @@ -280,10 +283,20 @@ bitmap_from_gs(file, filetype, pic, urx, fclose(tmpfp); } /* make name /TMPDIR/xfig-pic######.pix */ - sprintf(pixnam, "%s/%s%06d.pix", TMPDIR, "xfig-pic", tempseq); + snprintf(pixnam, sizeof(pixnam), "%s/xfig-pic.XXXXXX", TMPDIR); + if ((fd = mkstemp(pixnam)) == -1) { + file_msg("Couldn't open tmp file %s, %s", pixnam, strerror(errno)); + return False; + } + close(fd); + /* and file name for any error messages from gs */ - sprintf(errnam, "%s/%s%06d.err", TMPDIR, "xfig-pic", tempseq); - tempseq++; + snprintf(errnam, sizeof(errnam), "%s/xfig-picerr.XXXXXX", TMPDIR); + if ((fd = mkstemp(errnam)) == -1) { + file_msg("Couldn't open tmp file %s, %s", errnam, strerror(errno)); + return False; + } + close(fd); /* generate gs command line */ /* for monochrome, use pbm */ --- f_readgif.c +++ f_readgif.c 2003-05-06 11:56:53.000000000 +0200 @@ -76,7 +76,7 @@ read_gif(FILE *file, int filetype, F_pic char buf[BUFLEN],pcxname[PATH_MAX]; FILE *giftopcx; struct Cmap localColorMap[MAX_COLORMAP_SIZE]; - int i, stat, size; + int i, stat, size, fd; int useGlobalColormap; unsigned int bitPixel, red, green, blue; unsigned char c; @@ -173,7 +173,13 @@ read_gif(FILE *file, int filetype, F_pic /* now call giftopnm and ppmtopcx */ /* make name for temp output file */ - sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid()); + snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR); + if ((fd = mkstemp(pcxname)) == -1) { + file_msg("Cannot create temporary file\n"); + return FileInvalid; + } + close(fd); + /* make command to convert gif to pcx into temp file */ sprintf(buf, "giftopnm | ppmtopcx > %s 2> /dev/null", pcxname); if ((giftopcx = popen(buf,"w" )) == 0) { --- f_readppm.c +++ f_readppm.c 2003-05-06 11:56:53.000000000 +0200 @@ -34,10 +34,16 @@ read_ppm(FILE *file, int filetype, F_pic { char buf[BUFLEN],pcxname[PATH_MAX]; FILE *giftopcx; - int stat, size; + int stat, size, fd; /* make name for temp output file */ - sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid()); + snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR); + if ((fd = mkstemp(pcxname)) == -1) { + file_msg("Cannot open temp file %s: %s\n", pcxname, strerror(errno)); + return FileInvalid; + } + close(fd); + /* make command to convert gif to pcx into temp file */ sprintf(buf, "ppmtopcx > %s 2> /dev/null", pcxname); if ((giftopcx = popen(buf,"w" )) == 0) { --- f_readtif.c +++ f_readtif.c 2003-05-06 11:56:53.000000000 +0200 @@ -33,11 +33,16 @@ read_tif(char *filename, int filetype, F { char buf[2*PATH_MAX+40],pcxname[PATH_MAX]; FILE *tiftopcx; - int stat; + int stat, fd; /* make name for temp output file */ - sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid()); - + snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR); + if ((fd = mkstemp(pcxname)) == -1) { + file_msg("Cannot open temp file %s: %s\n", pcxname, strerror(errno)); + return FileInvalid; + } + close(fd); + /* make command to convert tif to pnm then to pcx into temp file */ /* for some reason, tifftopnm requires a file and can't work in a pipe */ sprintf(buf, "tifftopnm %s 2> /dev/null | ppmtopcx > %s 2> /dev/null", --- f_util.c +++ f_util.c 2003-05-06 12:13:22.000000000 +0200 @@ -906,14 +906,20 @@ void update_xfigrc(char *name, char *str int strain_out(char *name) { char line[RC_BUFSIZ+1], *tok; + int fd; /* make a temp filename in the user's home directory so we can just rename it to .xfigrc after creating it */ - sprintf(tmpname, "%s/%s%06d", userhome, "xfig-xfigrc", getpid()); - tmpf = fopen(tmpname,"wb"); - if (tmpf == 0) { - file_msg("Can't make temporary file for .xfigrc - error: %s",strerror(errno)); - return -1; + snprintf(tmpname, sizeof(tmpname), "%s/xfig-xfigrc.XXXXXX", userhome); + + if ((fd = mkstemp(tmpname)) == -1 || (tmpf = fdopen(fd, "wb")) == NULL) { + file_msg("Can't make temporary file for .xfigrc - error: %s", + strerror(errno)); + if (fd != -1) { + unlink(tmpname); + close(fd); + } + return -1; } /* read the .xfigrc file and write all to temp file except file names */ xfigrc = fopen(xfigrc_name,"r"); --- main.c +++ main.c 2003-05-06 11:56:53.000000000 +0200 @@ -671,8 +671,10 @@ void main(int argc, char **argv) update_figs = False; /* get the TMPDIR environment variable for temporary files */ - if ((TMPDIR = getenv("XFIGTMPDIR"))==NULL) - TMPDIR = "/tmp"; + if ((TMPDIR = getenv("XFIGTMPDIR"))==NULL) { + if ((TMPDIR = getenv("TMPDIR")) == NULL) + TMPDIR = "/tmp"; + } /* first check args to see if user wants to scale the figure as it is read in and make sure it is a resonable (positive) number */ @@ -1687,7 +1689,14 @@ make_cut_buf_name(void) if (userhome != NULL && *strcpy(cut_buf_name, userhome) != '\0') { strcat(cut_buf_name, "/.xfig"); } else { - sprintf(cut_buf_name, "%s/xfig%06d", TMPDIR, getpid()); + int fd; + sprintf(cut_buf_name, "%s/xfig.XXXXXX", TMPDIR); + if ((fd = mkstemp(cut_buf_name)) == -1) { + fprintf(stderr, "Can't create temporary file for cut_buff: %s\n", + strerror(errno)); + exit(0); + } + close(fd); } } --- mode.c +++ mode.c 2003-05-06 11:56:53.000000000 +0200 @@ -86,7 +86,7 @@ int min_num_points; int cur_exp_lang; /* gets initialized in main.c */ Boolean batch_exists = False; -char batch_file[32]; +char batch_file[PATH_MAX]; /*******************************************************************/ /* If you change the order of the lang_items[] you must change the */ --- u_print.c +++ u_print.c 2007-05-07 15:29:17.948727463 +0200 @@ -92,9 +92,16 @@ void print_to_printer(char *printer, cha char syspr[2*PATH_MAX+200]; char tmpfile[PATH_MAX]; char *name; + int fd; - sprintf(tmpfile, "%s/%s%06d", TMPDIR, "xfig-print", getpid()); + snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-print.XXXXXX", TMPDIR); warnexist = False; + if ((fd = mkstemp(tmpfile)) == -1) { + file_msg("Can't open temp file %s: %s\n", tmpfile, strerror(errno)); + return; + } + close(fd); + init_write_tmpfile(); if (write_file(tmpfile, False)) { end_write_tmpfile(); @@ -190,12 +197,21 @@ int print_to_file(char *file, char *lang char tmp_fig_file[PATH_MAX]; char *outfile, *name, *real_lang; char *suf; + int fd; /* if file exists, ask if ok */ if (!ok_to_write(file, "EXPORT")) return (1); - sprintf(tmp_fig_file, "%s/%s%06d", TMPDIR, "xfig-fig", getpid()); + + snprintf(tmp_fig_file, sizeof(tmp_fig_file), "%s/xfig-fig.XXXXXX", TMPDIR); + if ((fd = mkstemp(tmp_fig_file)) == -1) { + file_msg("Can't open temp file %s: %s\n", tmp_fig_file, + strerror(errno)); + return 1; + } + close(fd); + /* write the fig objects to a temporary file */ warnexist = False; init_write_tmpfile(); @@ -648,10 +664,16 @@ exec_prcmd(char *command, char *msg) char errfname[PATH_MAX]; FILE *errfile; char str[400]; - int status; + int status, fd; /* make temp filename for any errors */ - sprintf(errfname, "%s/xfig-export%06d.err", TMPDIR, getpid()); + snprintf(errfname, sizeof(errfname), "%s/xfig-export.XXXXXX", TMPDIR); + if ((fd = mkstemp(errfname)) == -1) { + file_msg("Can't open temp file %s: %s\n", errfname, strerror(errno)); + return 1; + } + close(fd); + /* direct any output from fig2dev to this file */ strcat(command, " 2> "); strcat(command, errfname); --- w_print.c +++ w_print.c 2003-05-06 12:20:46.000000000 +0200 @@ -294,9 +294,10 @@ void do_print_batch(Widget w) { FILE *infp,*outfp; - char tmp_exp_file[32]; + char tmp_exp_file[PATH_MAX]; char str[255]; char backgrnd[10], grid[80]; + int fd; if (writing_batch || emptyfigure_msg(print_msg)) return; @@ -305,11 +306,20 @@ do_print_batch(Widget w) /* this could happen if the user presses the button too fast */ writing_batch = True; - /* make a temporary name to write the batch stuff to */ - sprintf(batch_file, "%s/%s%06d", TMPDIR, "xfig-batch", getpid()); /* make a temporary name to write this figure to */ - sprintf(tmp_exp_file, "%s/%s%06d", TMPDIR, "xfig-exp", getpid()); - batch_exists = True; + snprintf(tmp_exp_file, sizeof(tmp_exp_file), "%s/xfig-exp.XXXXXX", + TMPDIR); + + if (batch_exists != True) { + /* make a temporary name to write the batch stuff to */ + sprintf(batch_file, "%s/xfig-batch.XXXXXX", TMPDIR); + if ((fd = mkstemp(batch_file)) == -1) { + file_msg("Error creating temporary file"); + return; + } + close(fd); + batch_exists = True; + } if (!print_popup) create_print_panel(w); @@ -322,6 +332,12 @@ do_print_batch(Widget w) /* make a #rrggbb string from the background color */ make_rgb_string(export_background_color, backgrnd); + if ((fd = mkstemp(tmp_exp_file)) == -1) { + file_msg("Error creating temporary file"); + return; + } + close(fd); + /* get grid params and assemble into fig2dev parm */ get_grid_spec(grid, print_grid_minor_text, print_grid_major_text); --- w_srchrepl.c +++ w_srchrepl.c 2003-05-06 11:56:53.000000000 +0200 @@ -787,7 +787,7 @@ spell_check(void) char *cmd; char str[300]; FILE *fp; - int len, i; + int len, i, fd; Boolean done = FALSE; static int lines = 0; @@ -803,9 +803,12 @@ spell_check(void) } lines = 0; - sprintf(filename, "%s/xfig-spell.%d", TMPDIR, (int)getpid()); - fp = fopen(filename, "w"); - if (fp == NULL) { + snprintf(filename, sizeof(filename), "%s/xfig-spell.XXXXXX", TMPDIR); + if ((fd = mkstemp(filename)) == -1 || (fp = fdopen(fd, "w")) == NULL) { + if (fd != -1) { + unlink(filename); + close(fd); + } file_msg("Can't open temporary file: %s: %s\n", filename, strerror(errno)); } else { /* locate all text objects and write them to file fp */