diff options
-rw-r--r-- | src/xditview/ChangeLog | 5 | ||||
-rw-r--r-- | src/xditview/Dvi.c | 10 | ||||
-rw-r--r-- | src/xditview/xtotroff.c | 12 |
3 files changed, 17 insertions, 10 deletions
diff --git a/src/xditview/ChangeLog b/src/xditview/ChangeLog index 435e1869..2d3872c8 100644 --- a/src/xditview/ChangeLog +++ b/src/xditview/ChangeLog @@ -1,3 +1,8 @@ +2000-03-01 Colin Phipps <crp22@cam.ac.uk> + + * Dvi.c (OpenFile): Use tmpdir() for security reasons. + * xtotroff.c (MapFont): Avoid race while opening file. + 2000-02-06 Werner LEMBERG <wl@gnu.org> * Imakefile: Adapted to new directory structure. diff --git a/src/xditview/Dvi.c b/src/xditview/Dvi.c index 5eae76d8..08eb810a 100644 --- a/src/xditview/Dvi.c +++ b/src/xditview/Dvi.c @@ -379,15 +379,9 @@ static void CloseFile (dw) static void OpenFile (dw) DviWidget dw; { - char tmpName[sizeof ("/tmp/dviXXXXXX")]; - dw->dvi.tmpFile = 0; - if (!dw->dvi.seek) { - strcpy (tmpName, "/tmp/dviXXXXXX"); - mktemp (tmpName); - dw->dvi.tmpFile = fopen (tmpName, "w+"); - unlink (tmpName); - } + if (!dw->dvi.seek) + dw->dvi.tmpFile = tmpfile(); dw->dvi.requested_page = 1; dw->dvi.last_page = 0; } diff --git a/src/xditview/xtotroff.c b/src/xditview/xtotroff.c index 3e4e78bc..97cac0a5 100644 --- a/src/xditview/xtotroff.c +++ b/src/xditview/xtotroff.c @@ -7,6 +7,9 @@ #include <X11/Xlib.h> #include <stdio.h> #include <ctype.h> +#include <unistd.h> +#include <stdlib.h> +#include <fcntl.h> #include "XFontName.h" #include "DviChar.h" @@ -148,8 +151,13 @@ MapFont (font_name, troff_name) printf ("%s -> %s\n", names[0], troff_name); - (void) unlink (troff_name); - out = fopen (troff_name, "w"); + { /* Avoid race while opening file */ + int fd; + (void) unlink (troff_name); + fd = open (troff_name, O_WRONLY | O_CREAT | O_EXCL, 0600); + out = fdopen (fd, "w"); + } + if (!out) { perror (troff_name); return 0; |