[CVS] OpenPKG: openpkg-src/uudeview/ uudeview.patch

Fri, 12 Mar 2004 05:36:31 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   12-Mar-2004 14:36:32
  Branch: HEAD                             Handle: 2004031213363100

  Modified files:
    openpkg-src/uudeview    uudeview.patch

  Log:
    mkstemp security enhancement

  Summary:
    Revision    Changes     Path
    1.2         +57 -0      openpkg-src/uudeview/uudeview.patch
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/uudeview/uudeview.patch
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 uudeview.patch
  --- openpkg-src/uudeview/uudeview.patch       12 Mar 2004 12:56:33 -0000      1.1
  +++ openpkg-src/uudeview/uudeview.patch       12 Mar 2004 13:36:31 -0000      1.2
  @@ -33,3 +33,60 @@
        /*
         * If we don't have all valid MIME headers yet, but the following
   
  +mkstemp security enhancement. Similar to
  +FreeBSD http://www.freebsd.org/cgi/query-pr.cgi?pr=41508
  +SuSE uudeview-0.5.18-244.src.rpm
  +
  +--- unix/uudeview.c
  ++++ unix/uudeview.c
  +@@ -434,7 +434,7 @@
  +     return 0;
  +   }
  + 
  +-  if ((stdfile = tempnam (NULL, "uu")) == NULL) {
  ++  if ((stdfile = _FP_tempnam (NULL, "uu")) == NULL) {
  +     fprintf (stderr, "proc_stdin: cannot get temporary file\n");
  +     return 0;
  +   }
  +
  +--- uulib/fptools.c
  ++++ uulib/fptools.c
  +@@ -507,5 +507,15 @@
  + char * TOOLEXPORT
  + _FP_tempnam (char *dir, char *pfx)
  + {
  +-  return _FP_strdup (tmpnam (NULL));
  ++  int fd;
  ++  char fileName[100];
  ++
  ++  strncpy(fileName, pfx, 90);
  ++  strcat(fileName, "XXXXXX");
  ++  fd = mkstemp(fileName);
  ++  if (fd == -1)
  ++    return NULL;
  ++  close(fd);
  ++  unlink(fileName);
  ++  return _FP_strdup (fileName);
  + }
  +
  +--- uulib/uunconc.c
  ++++ uulib/uunconc.c
  +@@ -1264,7 +1264,7 @@
  +   else
  +     mode = "wb";    /* otherwise in binary          */
  + 
  +-  if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
  ++  if ((data->binfile = _FP_tempnam (NULL, "uu")) == NULL) {
  +     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
  +            uustring (S_NO_TEMP_NAME));
  +     return UURET_NOMEM;
  +@@ -1426,7 +1426,7 @@
  +    */
  + 
  +   if (data->uudet == BH_ENCODED && data->binfile) {
  +-    if ((ntmp = tempnam (NULL, "uu")) == NULL) {
  ++    if ((ntmp = _FP_tempnam (NULL, "uu")) == NULL) {
  +       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
  +              uustring (S_NO_TEMP_NAME));
  +       progress.action = 0;
  +
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to