File nedit-5.5CVS-security.patch of Package nedit

diff -ur nedit-5.5_CVS20100831/source/file.c nedit-5.5_CVS20100831_f/source/file.c
--- nedit-5.5_CVS20100831/source/file.c	2010-08-31 18:47:59.000000000 +0200
+++ nedit-5.5_CVS20100831_f/source/file.c	2010-08-31 18:50:03.000000000 +0200
@@ -1372,7 +1372,7 @@
 */
 void PrintString(const char *string, int length, Widget parent, const char *jobName)
 {
-    char tmpFileName[L_tmpnam];    /* L_tmpnam defined in stdio.h */
+    char *tmpFileName=strdup("/tmp/neditXXXXXX");
     FILE *fp;
     int fd;
 
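Review bot: The result of `strdup` in the new declaration of `tmpFileName` is never checked, so an allocation failure hands a NULL template to `mkstemp` in the next hunk. A writable array avoids the heap entirely and makes the three `free(tmpFileName)` calls added later unnecessary: `char tmpFileName[] = "/tmp/neditXXXXXX";`. The template also hard-codes `/tmp` and ignores `TMPDIR`, which is worth a comment if it is intentional. The body of `PrintString` continues outside this hunk.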
@@ -1383,14 +1383,10 @@
 	    1. Create a filename
 	    2. Open the file with the O_CREAT|O_EXCL flags
 	So all an attacker can do is a DoS on the print function. */
-    tmpnam(tmpFileName);
+    fd = mkstemp(tmpFileName);
 
     /* open the temporary file */
-#ifdef VMS
-    if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
-#else
-    if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
-#endif /* VMS */
+    if ((fp = fdopen(fd, "w")) == NULL)
     {
         DialogF(DF_WARN, parent, 1, "Error while Printing",
                 "Unable to write file for printing:\n%s", "OK",
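Review bot: The descriptor returned by `mkstemp` is passed to `fdopen` without a check, so a failed `mkstemp` is only caught indirectly, when `fdopen(-1, ...)` fails. If `mkstemp` succeeds and `fdopen` fails, the descriptor stays open and the newly created file is left in `/tmp`. Test both explicitly with `if (fd < 0 || (fp = fdopen(fd, "w")) == NULL)`, and clean up in the branch with `if (fd >= 0) { close(fd); remove(tmpFileName); }`. The rest of this error branch lies outside the hunk, and no other hunk touches it, so its early return presumably also lacks the `free(tmpFileName)` that the other exit paths receive. The context comment about `O_CREAT|O_EXCL` now describes what `mkstemp` does internally and could say so.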
@@ -1404,7 +1400,7 @@
     
     /* write to the file */
 #ifdef IBM_FWRITE_BUG
-    write(fileno(fp), string, length);
+    write(fd, string, length);
 #else
     fwrite(string, sizeof(char), length, fp);
 #endif
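Review bot: The return value of `write(fd, string, length)` in the `IBM_FWRITE_BUG` branch is discarded, so a short or failed write would produce a truncated print job without any warning. The error check that follows is outside this hunk; if it relies on `ferror(fp)`, it cannot see a failure of a raw `write` on the descriptor. Compare the result against the length, for example `if (write(fd, string, length) != (ssize_t)length)`, and route a mismatch into the existing "not printed" error path.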
@@ -1414,6 +1410,7 @@
                 "%s not printed:\n%s", "OK", jobName, errorString());
         fclose(fp); /* should call close(fd) in turn! */
         remove(tmpFileName);
+	free(tmpFileName);
         return;
     }
     
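Review bot: The added `free(tmpFileName);` is indented with a tab here and in the next hunk (the close-failure path), while the surrounding lines and the final `free` at the end of the function use four spaces. Match the file's space indentation, `        free(tmpFileName);`. The `remove`/`free` pair is now repeated on each exit path. A single cleanup label, or the array form of `tmpFileName`, would make a future exit path harder to get wrong.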
@@ -1424,6 +1421,7 @@
                 "Error closing temp. print file:\n%s", "OK",
                 errorString());
         remove(tmpFileName);
+	free(tmpFileName);
         return;
     }
 
@@ -1435,6 +1433,7 @@
     PrintFile(parent, tmpFileName, jobName);
     remove(tmpFileName);
 #endif /*VMS*/
+    free(tmpFileName);
     return;
 }