projects / debian / as31 / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fold in patch from Jim Paris for use of mkstemps to improve security
[debian/as31] / debian / patches / as31-mkstemps.patch
1 --- as31-2.3.1/as31/run.c       2005-09-05 12:32:42.000000000 -0400
2 +++ as31-2.3.1-fixed/as31/run.c 2012-01-11 12:30:19.000000000 -0500
3 @@ -39,8 +39,8 @@
4         char *incLineBuffer=NULL;
5         int incSizeBuf=0;
6         FILE* includeFile=NULL;
7 +       int fd;
8  
9 -       uid_t uid; 
10         /* first, figure out all the file names */
11  
12         dashl = lst;
13 @@ -95,11 +95,18 @@
14                 }
15         }
16         
17 -       uid = geteuid();
18 -       sprintf(tmpName,"/tmp/as31-%i-%ld.asm",uid,random());
19 -       fin = fopen(tmpName, "w");
20 +       sprintf(tmpName,"/tmp/as31-XXXXXX.asm");
21 +       fd = mkstemps(tmpName, 4);
22 +       if (fd == -1) {
23 +               mesg_f("Cannot create temp file\n");
24 +               if (outfile) free(outfile);
25 +               if (lstfile) free(lstfile);
26 +               return -1;
27 +       }
28 +       fin = fdopen(fd, "w");
29         if (fin == NULL) {
30                 mesg_f("Cannot open temp file: %s\n",tmpName);
31 +               close(fd);
32                 if (outfile) free(outfile);
33                 if (lstfile) free(lstfile);
34                 return -1;
Debian packaging of as31