falso
/
cdesktopenv
mirror of https://git.code.sf.net/p/cdesktopenv/code
1
0
Fork 0
Code Issues Releases Wiki Activity
cdesktopenv/cde/programs/dticon
History
Trung Lê 72d0164644 Security: replace tmpnam() with mkstemp() 
tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):
  strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
  { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)

Note: dtksh/ksh93 directory intentionally skipped (vendored code)
 		2026-01-29 17:10:18 +11:00
..
bitmaps
pixmaps Initial import of the CDE 2.1.30 sources from the Open Group. 2012-03-10 18:21:40 +00:00
Dticon
FileSetNums
Makefile.am configure: detect libdl 2022-07-31 18:33:49 -06:00
constants.h Use POSIX macros for linux 2018-05-24 18:22:55 -06:00
dtIconShell.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
dticon.msg
event.c dticon: Resolve some warnings about format bufferss 2021-11-25 05:14:25 +00:00
event.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
externals.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
fileIO.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
fileIO.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
fileIODialog.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
globals.c dticon: use libXpm directly. 2021-10-18 10:10:20 -06:00
graphics.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
graphics.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
help.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
help.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
image.c handle missing return values 2025-12-18 22:58:26 +01:00
image.h handle missing return values 2025-12-18 22:58:26 +01:00
main.c Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
main.h remove ultrix support 2018-09-30 17:27:04 -06:00
newIconDialog.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
nlsMsgChk.txt
nlsREADME.txt
process.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
process.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
queryDialog.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
stdErrDialog.c dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00
utils.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
utils.h dticon: fix implicit-function-declaration warnings 2021-11-15 16:07:28 -07:00