1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
Author: OHURA Makoto <ohura@debian.org>
Description: Original tools/texfix.c use mktemp, which is very unsecure.
Don't use mktemp.
--- a/tools/texfix.c
+++ b/tools/texfix.c
@@ -35,16 +35,11 @@
#endif
char line[BUFSIZ], line2[BUFSIZ];
-char tmpstr[] = "/tmp/tfXXXXXX";
char *tmpfn;
int cleanup();
main()
{
- if ((tmpfn = mktemp(tmpstr)) == NULL) {
- perror("mktemp failed.");
- exit(1);
- }
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGQUIT, cleanup);
@@ -66,18 +61,20 @@
pageout()
{
FILE *tmpfp;
+ char tmpstr[14];
while (fgets(line, BUFSIZ, stdin) != NULL) {
fputs(line, stdout);
if (strcmp(line, BOP) == 0) {
- if ((tmpfp = fopen(tmpfn, "w")) == NULL) {
+ strcpy(tmpstr, "/tmp/tfXXXXXX");
+ if ((tmpfp = fdopen(mkstemp(tmpstr), "w")) == NULL) {
perror("fopen failed.");
exit(1);
}
while (fgets(line, BUFSIZ, stdin) != NULL)
if (strcmp(line, EOP) == 0) {
fclose(tmpfp);
- if ((tmpfp = fopen(tmpfn, "r")) == NULL) {
+ if ((tmpfp = fopen(tmpstr, "r")) == NULL) {
perror("fopen failed.");
exit(1);
}
|
