falso
/
cdesktopenv
mirror of https://git.code.sf.net/p/cdesktopenv/code
1
0
Fork 0
Code Issues Releases Wiki Activity
cdesktopenv/cde/lib
History
Trung Lê 72d0164644 Security: replace tmpnam() with mkstemp() 
tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):
  strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
  { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)

Note: dtksh/ksh93 directory intentionally skipped (vendored code)
 		2026-01-29 17:10:18 +11:00
..
DtHelp Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
DtMmdb DtMmdb: fix a crash occurs when creating bookmark. 2024-07-21 00:43:27 +00:00
DtMrm Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
DtPrint Delete all unused/obsolete .elist files 2022-08-06 17:59:05 -06:00
DtSearch Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
DtSvc Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
DtTerm Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
DtWidget Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
DtXinerama library versioning: try to keep the versions at 2.1.0 for all platforms 2021-12-23 13:06:44 -07:00
csa Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
pam Delete all unused/obsolete .elist files 2022-08-06 17:59:05 -06:00
tt Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
Makefile.am dtlogin: use sessreg to manage utmp/wtmp. 2023-03-27 08:48:27 +00:00