File: tempfile_creation_fix

package info (click to toggle)
apache 1.3.26-0woody6
  • links: PTS
  • area: main
  • in suites: woody
  • size: 3,572 kB
  • ctags: 196
  • sloc: ansic: 1,679; perl: 779; sh: 543; makefile: 411
file content (97 lines) | stat: -rw-r--r-- 2,752 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
diff -ruN -x Makefile.in -x configure -x *~ apache_1.3.9.orig/src/support/htdigest.c apache_1.3.9/src/support/htdigest.c
--- apache_1.3.9.orig/src/support/htdigest.c	Mon Aug  2 12:45:36 1999
+++ apache_1.3.9/src/support/htdigest.c	Thu Jan 25 21:10:37 2001
@@ -91,7 +91,7 @@
 
 #define MAX_STRING_LEN 256
 
-char *tn;
+char tn[MAX_STRING_LEN];
 
 static void getword(char *word, char *line, char stop)
 {
@@ -153,7 +153,7 @@
     ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
     if (strcmp(pwin, pwv) != 0) {
 	fprintf(stderr, "They don't match, sorry.\n");
-	if (tn) {
+	if (strlen (tn)) {
 	    unlink(tn);
 	}
 	exit(1);
@@ -184,7 +184,7 @@
 static void interrupted(void)
 {
     fprintf(stderr, "Interrupted.\n");
-    if (tn)
+    if (strlen (tn))
 	unlink(tn);
     exit(1);
 }
@@ -200,8 +200,9 @@
     char x[MAX_STRING_LEN];
     char command[MAX_STRING_LEN];
     int found;
+    int tfd;
 
-    tn = NULL;
+    strcpy (tn, "/tmp/htdigest-XXXXXX");
     signal(SIGINT, (void (*)(int)) interrupted);
     if (argc == 5) {
 	if (strcmp(argv[1], "-c"))
@@ -220,8 +221,12 @@
     else if (argc != 4)
 	usage();
 
-    tn = tmpnam(NULL);
-    if (!(tfp = fopen(tn, "w"))) {
+    tfd = mkstemp (tn);
+    if (tfd == -1) {
+	fprintf(stderr, "Could not open temp file.\n");
+	exit(1);
+    }
+    if (!(tfp = fdopen(tfd, "w"))) {
 	fprintf(stderr, "Could not open temp file.\n");
 	exit(1);
     }
diff -ruN -x Makefile.in -x configure -x *~ apache_1.3.9.orig/src/support/htpasswd.c apache_1.3.9/src/support/htpasswd.c
--- apache_1.3.9.orig/src/support/htpasswd.c	Thu Aug 12 16:15:22 1999
+++ apache_1.3.9/src/support/htpasswd.c	Thu Jan 25 20:56:29 2001
@@ -117,7 +117,7 @@
  * This needs to be declared statically so the signal handler can
  * access it.
  */
-static char *tempfilename;
+static char tempfilename[MAX_STRING_LEN];
 
 /*
  * Get a line of input from the user, not including any terminating
@@ -350,8 +350,8 @@
     int noninteractive = 0;
     int i;
     int args_left = 2;
+    int tfd;
 
-    tempfilename = NULL;
     signal(SIGINT, (void (*)(int)) interrupted);
 
     /*
@@ -504,13 +504,14 @@
      * We can access the files the right way, and we have a record
      * to add or update.  Let's do it..
      */
-    tempfilename = tmpnam(NULL);
-    ftemp = fopen(tempfilename, "w+");
-    if (ftemp == NULL) {
+    strcpy(tempfilename, "/tmp/htpasswd-XXXXXX");
+    tfd = mkstemp(tempfilename);
+    if (tfd == -1) {
 	fprintf(stderr, "%s: unable to create temporary file\n", argv[0]);
 	perror("fopen");
 	exit(ERR_FILEPERM);
     }
+    ftemp = fdopen(tfd, "w+");
     /*
      * If we're not creating a new file, copy records from the existing
      * one to the temporary file until we find the specified user.