falso
/
cdesktopenv
mirror of https://git.code.sf.net/p/cdesktopenv/code
1
0
Fork 0
Code Issues Releases Wiki Activity
cdesktopenv/cde/programs/dtspcd
History
Trung Lê 72d0164644 Security: replace tmpnam() with mkstemp() 
tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):
  strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
  { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)

Note: dtksh/ksh93 directory intentionally skipped (vendored code)
 		2026-01-29 17:10:18 +11:00
..
Makefile.am configure: detect libdl 2022-07-31 18:33:49 -06:00
dtspcdenv.src Initial import of the CDE 2.1.30 sources from the Open Group. 2012-03-10 18:21:40 +00:00
main.c Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
spc-xt.c Fix typo in license headers 2018-04-28 12:30:20 -06:00
spcd_event.c Discontinue HPUX support 2022-07-23 17:49:33 -06:00
spcd_event.h Fix typo in license headers 2018-04-28 12:30:20 -06:00