Merge /u/runlevel5/cde/ branch fix-tmpnam-security into master

https://sourceforge.net/p/cdesktopenv/code/merge-requests/80/
2026-01-31 23:31:36 +00:00 · 2026-01-31 23:31:36 +00:00 · 65ef653c59
parent 44b93c9f52 72d0164644
commit 65ef653c59
12 changed files with 50 additions and 27 deletions
--- a/cde/lib/DtHelp/Access.c
+++ b/cde/lib/DtHelp/Access.c
@ -588,9 +588,10 @@ FileOpenRtnFd (
    if (*ret_fd == -1)
      {
 	/*
-	 * get a temporary name
+	 * get a temporary name using mkstemp for security
 	 */
-	(void) tmpnam (tmpName);
+	strcpy(tmpName, "/tmp/dthelp_XXXXXX");
+	{ int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

 	/*
 	 * malloc memory for the dot Z file name.
@ -1087,9 +1088,10 @@ _DtHelpCeGetUncompressedFileName (
    if (access (name, F_OK) == -1)
      {
 	/*
-	 * get a temporary name
+	 * get a temporary name using mkstemp for security
 	 */
-	(void) tmpnam (tmpName);
+	strcpy(tmpName, "/tmp/dthelp_XXXXXX");
+	{ int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

 	/*
 	 * malloc memory for the dot Z file name.
--- a/cde/lib/DtSvc/DtUtil1/DtsMM.c
+++ b/cde/lib/DtSvc/DtUtil1/DtsMM.c
@ -569,14 +569,15 @@ _DtDtsMMCacheName(int override)
 	{
 	/* tempnam(3) is affected by the TMPDIR environment variable. */
 	/* This creates problems for rename() if "tmpfile" and "cacheFile" */
-	/* are on different file systems.  Use tmpnam(3) to create the */
+	/* are on different file systems.  Use mkstemp(3) to create the */
 	/* unique file name instead. */
-		char tmpnam_buf[L_tmpnam + 1];
+		char tmpnam_buf[32];

 		results = (char *)malloc(strlen(_DTDTSMMTEMPDIR) +
 					 strlen(_DTDTSMMTEMPFILE) +
-					 L_tmpnam + 3);
-		tmpnam(tmpnam_buf);
+					 32);
+		strcpy(tmpnam_buf, "/tmp/dtdts_XXXXXX");
+		{ int _tf = mkstemp(tmpnam_buf); if (_tf >= 0) close(_tf); }
 		sprintf(results, "%s/%s%s", _DTDTSMMTEMPDIR, _DTDTSMMTEMPFILE,
 			basename(tmpnam_buf));
 	}
--- a/cde/lib/DtWidget/Editor.c
+++ b/cde/lib/DtWidget/Editor.c
@ -5181,6 +5181,7 @@ typedef struct {
 #define WORDPREV(d,at) (((at == d->wordbase) ? d->wordlimit : at) - 1)	/* function  */

 #include <locale.h>
+#include <unistd.h>
 extern int _nl_space_alt;


@ -6873,7 +6874,7 @@ DoAdjust(
        XmTextPosition	start,
        XmTextPosition	end)
 {
-    char tempName1[L_tmpnam], tempName2[L_tmpnam];
+    char tempName1[32], tempName2[32];
    DtEditorErrorCode returnVal;
    AdjRec adjRec;

@ -6961,8 +6962,9 @@ DoAdjust(
       /*
        * Create the two temp files
        */
-       (void)tmpnam(tempName1);
-       (void)tmpnam(tempName2);
+       strcpy(tempName1, "/tmp/dtedit1_XXXXXX");
+       strcpy(tempName2, "/tmp/dtedit2_XXXXXX");
+       { int _tf1 = mkstemp(tempName1), _tf2 = mkstemp(tempName2); if (_tf1 >= 0) close(_tf1); if (_tf2 >= 0) close(_tf2); }
       if ((adjRec.infp = fopen(tempName1, "w")) != (FILE *)NULL) {

         /* 
--- a/cde/lib/DtWidget/SearchCalls.c
+++ b/cde/lib/DtWidget/SearchCalls.c
@ -60,6 +60,7 @@
 #define X_INCLUDE_STRING_H
 #define XOS_USE_XT_LOCKING
 #include <X11/Xos_r.h>
+#include <unistd.h>

 extern XtPointer
 _XmStringUngenerate(XmString    string,
@ -96,7 +97,7 @@ DtEditorInvokeSpellDialog(
 	Widget widget)
 {
    DtEditorWidget pPriv = (DtEditorWidget) widget;
-    char fileName[L_tmpnam], com[L_tmpnam + 7], *string, newline[1];
+    char fileName[32], com[32 + 7], *string, newline[1];
    char *line;
    FILE *fp;           /* pipe to read words from */
    int len = 0;        /* length of line read in */
@ -119,7 +120,8 @@ DtEditorInvokeSpellDialog(
       /* 
        * Write out to a tmp file, getting the name back
        */
-       (void)tmpnam(fileName);
+       strcpy(fileName, "/tmp/dtsrch_XXXXXX");
+       { int _tf = mkstemp(fileName); if (_tf >= 0) close(_tf); }
       if((fp = fopen(fileName, "w")) != (FILE *)NULL) 
       {
          /* 
--- a/cde/programs/dtcreate/main.c
+++ b/cde/programs/dtcreate/main.c
@ -226,6 +226,7 @@ const char *af_tiny_icon_default = "/usr/dt/appconfig/icons/C/Dtdata.t";
 *---------------------------------------------------*/
 #ifndef DESIGN_TIME
 #include "UxXt.h"
+#include <unistd.h>
 #endif /* DESIGN_TIME */

 XtAppContext    UxAppContext;
@ -873,7 +874,8 @@ Tt_callback_action IconEdit_tt_handler( Tt_message m, Tt_pattern p )
           if (pIconData->pmDirtyBit) {
              tmpIconFile = pIconData->pmFileName;
           } else {
-              tmpnam(pIconData->pmFileName);
+              strcpy(pIconData->pmFileName, "/tmp/dtcreate_pm_XXXXXX");
+              { int _tf = mkstemp(pIconData->pmFileName); if (_tf >= 0) close(_tf); }
              bIsNewFile = True;
              tmpIconFile = pIconData->pmFileName;
           }
@ -881,7 +883,8 @@ Tt_callback_action IconEdit_tt_handler( Tt_message m, Tt_pattern p )
           if (pIconData->bmDirtyBit) {
              tmpIconFile = pIconData->bmFileName;
           } else {
-              tmpnam(pIconData->bmFileName);
+              strcpy(pIconData->bmFileName, "/tmp/dtcreate_bm_XXXXXX");
+              { int _tf = mkstemp(pIconData->bmFileName); if (_tf >= 0) close(_tf); }
              bIsNewFile = True;
              tmpIconFile = pIconData->bmFileName;
           }
--- a/cde/programs/dticon/main.c
+++ b/cde/programs/dticon/main.c
@ -58,6 +58,7 @@

 #ifdef __TOOLTALK
 #include <Tt/tttk.h>
+#include <unistd.h>
 int ttMark;
 int tt_tmpfile_fd = -1;
 static int undeclared = 0;
@ -521,7 +522,8 @@ if (tt_message_status(msg) == TT_WRN_START_MESSAGE) tt_message_reply(msg);
             }
             else
             {
-                (void) tmpnam(start_file);
+                strcpy(start_file, "/tmp/dticon_XXXXXX");
+                { int _tf = mkstemp(start_file); if (_tf >= 0) close(_tf); }
                if( (buf) && (!strncmp((char *)buf, "/* XPM */", 9)) )
                {
                   /* Format XPM */
--- a/cde/programs/dtlogin/policy.c
+++ b/cde/programs/dtlogin/policy.c
@ -246,7 +246,7 @@ WillingMsg( void )
    static char retbuf[LINEBUFSIZE];
    char	tmpbuf[LINEBUFSIZE * 8];
    char	*cp;
-    char	tmpfilename[L_tmpnam + 1];
+    char	tmpfilename[32];
    FILE	*f;


@ -260,7 +260,9 @@ WillingMsg( void )
    strcat(tmpbuf,"awk '{printf(\"%s %-.5s  load: %.3s, %.3s, %.3s\",$(NF-6),$(NF-5),$(NF-2),$(NF-1),$NF)}'");
    strcat(tmpbuf," > ");

-    if ( tmpnam(tmpfilename) != (char *)NULL ) {
+    strcpy(tmpfilename, "/tmp/dtlogin_XXXXXX");
+    { int _tf = mkstemp(tmpfilename); if (_tf >= 0) close(_tf); }
+    if ( tmpfilename[0] != '\0' ) {

 	strcat(tmpbuf,tmpfilename);

--- a/cde/programs/dtpad/fileIo.c
+++ b/cde/programs/dtpad/fileIo.c
@ -58,6 +58,7 @@
 #include <Xm/TextF.h>
 #include <Xm/LabelG.h>
 #include <Dt/HourGlass.h>
+#include <unistd.h>


 /************************************************************************
@ -255,10 +256,11 @@ LoadFile(
 char *
 GetTempFile(void)
 {
-    char *tempname = (char *)XtMalloc(L_tmpnam); /* Temporary file name. */
+    char *tempname = (char *)XtMalloc(32); /* Temporary file name. */
    FILE *tfp;

-    (void)tmpnam(tempname);
+    strcpy(tempname, "/tmp/dtpad_XXXXXX");
+    { int _tf = mkstemp(tempname); if (_tf >= 0) close(_tf); }
    if ((tfp = fopen(tempname, "w")) == NULL)
    {
        pid_t pid;
--- a/cde/programs/dtpdm/PdmXp.c
+++ b/cde/programs/dtpdm/PdmXp.c
@ -38,6 +38,7 @@
 #include "PdmXp.h"

 #include <X11/Intrinsic.h>
+#include <unistd.h>

 typedef enum {
    PDMXP_JOB, PDMXP_DOC, PDMXP_PRINTER, PDMXP_SERVER,
@ -488,9 +489,11 @@ void
 PdmXpUpdateAttributes(PdmXp* me)
 {
 #if 0 && defined(PRINTING_SUPPORTED)
-    char fname[L_tmpnam];
+    char fname[32];
    
-    if(tmpnam(fname))
+    strcpy(fname, "/tmp/dtpdm_XXXXXX");
+    { int _tf = mkstemp(fname); if (_tf >= 0) close(_tf); }
+    if(fname[0] != '\0')
    {
 	int i;
 	XrmDatabase pool;
--- a/cde/programs/dtpdmd/manager.c
+++ b/cde/programs/dtpdmd/manager.c
@ -363,7 +363,8 @@ void mgr_launch_pdm( XpPdmServiceRec *rec )
 	 * Create new .Xauthority file.
 	 */
 	original_umask = umask (0077);      /* disallow non-owner access */
-	tmpnam( rec->auth_filename );
+	strcpy(rec->auth_filename, "/tmp/dtpdmd_XXXXXX");
+	{ int _tf = mkstemp(rec->auth_filename); if (_tf >= 0) close(_tf); }
 	rec->auth_file = fopen( rec->auth_filename, "w" );

 	if (rec->auth_file) {
--- a/cde/programs/dtspcd/main.c
+++ b/cde/programs/dtspcd/main.c
@ -506,7 +506,7 @@ int Client_Register(protocol_request_ptr prot)
  int free_netfile = 0;
  char *spc_prefix = "/.SPC_";
  char *spc_suffix;
-  char tmpnam_buf[L_tmpnam + 1];
+  char tmpnam_buf[32];
  size_t buffsize;

  print_protocol_request((XeString)"--> REGISTER", prot);
@ -560,7 +560,8 @@ int Client_Register(protocol_request_ptr prot)
     * tmppath.  The protocol will fail when this occurs.  The fix is
     * to construct the tmpfile name.
     */
-    tmpnam(tmpnam_buf);
+    strcpy(tmpnam_buf, "/tmp/dtspcd_XXXXXX");
+    { int _tf = mkstemp(tmpnam_buf); if (_tf >= 0) close(_tf); }
    spc_suffix = basename(tmpnam_buf); /* Don't free result - not alloc'd! */

    /* Allocate space for tmppath, spc_prefix, and spc_suffix. */
--- a/cde/programs/dtwm/WmResParse.c
+++ b/cde/programs/dtwm/WmResParse.c
@ -96,6 +96,7 @@
 #include "WmFunction.h"
 #include "WmImage.h"
 #include "WmXSMP.h"
+#include <unistd.h>

 # include <errno.h>
 # ifdef X_NOT_STDC_ENV
@ -5971,7 +5972,7 @@ Boolean ParseWmFuncActionArg (unsigned char **linePP,
 static void
 PreprocessConfigFile (void)
 {
-#define CPP_NAME_SIZE	((L_tmpnam)+1)
+#define CPP_NAME_SIZE	32
    char pchCmd[MAXWMPATH+1];

    if (wmGD.cppCommand && *wmGD.cppCommand)
@ -5982,7 +5983,8 @@ PreprocessConfigFile (void)
 	pConfigStackTop->cppName = XtMalloc (CPP_NAME_SIZE * sizeof(char));
 	if (pConfigStackTop->cppName)
 	{
-	    (void) tmpnam (pConfigStackTop->cppName);
+	    strcpy(pConfigStackTop->cppName, "/tmp/dtwm_XXXXXX");
+	    { int _tf = mkstemp(pConfigStackTop->cppName); if (_tf >= 0) close(_tf); }

 	    /*
 	     * Build up the command line.