falso
/
cdesktopenv
mirror of https://git.code.sf.net/p/cdesktopenv/code
1
0
Fork 0
Code Issues Releases Wiki Activity
cdesktopenv/cde/lib/DtHelp
History
Trung Lê 72d0164644 Security: replace tmpnam() with mkstemp() 
tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):
  strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
  { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)

Note: dtksh/ksh93 directory intentionally skipped (vendored code)
 		2026-01-29 17:10:18 +11:00
..
il Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
jpeg remove more internal jpeg headers 2019-11-01 17:23:24 -06:00
AIX.lcx
Access.c Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
AccessCCDF.c Fix build under LLVM15 2023-02-18 14:47:38 -07:00
AccessCCDFI.h
AccessCCDFP.h
AccessSDL.c Fix memory leaks 2025-12-18 22:58:26 +01:00
AccessSDLI.h
AccessSDLP.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
Actions.c
AsciiSpc.c
AsciiSpcI.h
CCDFUtil.c
CCDFUtilI.h
CDE.lcx
Callbacks.c libDtHelp: Cov 88221 2018-08-11 00:36:29 +01:00
Canvas.c libDtHelp: Cov 89012 2018-08-11 00:44:52 +01:00
CanvasError.h
CanvasOs.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
CanvasOsI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
CleanUp.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
CleanUpI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
CvString.c DtHelp: Add the multibyte character support to _DtCvStrcspn. 2021-12-06 06:42:33 +08:00
CvStringI.h
CvtToArrayP.h
Destroy.c
DestroyI.h
DtHelp.msg
Environ_c.c libDtHelp: Cov 88275 2018-08-11 01:08:17 +01:00
FileListUtils.c
FileListUtilsI.h
FileUtils.c
Font.c DtHelp: Apply graceful degradation for font loading to avoid a segmentation 2021-12-06 06:42:32 +08:00
FontAttr.c
Format.c DtHelp: use system locales. 2022-01-26 19:50:11 +08:00
FormatCCDF.c Avoid conflict with X11 headers 2025-12-18 22:58:25 +01:00
FormatCCDFI.h DtHelp: use system locales. 2022-01-26 19:50:11 +08:00
FormatI.h Fix to compile warnings. 2019-10-11 10:49:48 +02:00
FormatMan.c Merge branch 'master' into dtdocbook 2022-01-30 08:04:32 +08:00
FormatManI.h
FormatSDL.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
FormatSDLI.h
FormatTerm.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
FormatUtil.c Centralize catgets() calls through MsgCat 2021-06-02 19:55:15 -06:00
FormatUtilI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
FreeBSD.lcx
GenUtils.c
GenUtilsP.h
GifUtils.c 'notdef' means it's not used, so we remove it 2019-10-15 20:32:13 -06:00
GlobSearch.c Merge branch 'master' into dtdocbook 2022-01-30 08:04:32 +08:00
GlobSearchI.h
GlobSearchP.h
Graphics.c handle missing return values 2025-12-18 22:58:26 +01:00
GraphicsI.h
HelpAccess.c
HelpAccessI.h
HelpDialog.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
HelpDialogI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
HelpDialogImageI.h
HelpErrorP.h
HelpI.h
HelpQuickD.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
HelpQuickDI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
HelpUtil.c libDtHelp: Cov 88302 2018-08-11 01:14:03 +01:00
HelpUtilI.h
HelpXlate.c DtHelp: use system locales. 2022-01-26 19:50:11 +08:00
HelpXlate.h DtHelp: use system locales. 2022-01-26 19:50:11 +08:00
Helpos.c Rename autotools_config.h to cde_config.h to better reflect it's ownership. 2021-12-22 13:21:43 -07:00
History.c Fix to compile warnings. 2019-10-11 10:49:48 +02:00
HistoryI.h
HourGlass.c
HyperText.c Discontinue HPUX support 2022-07-23 17:49:33 -06:00
HyperTextI.h
JpegUtils.c remove more internal jpeg headers 2019-11-01 17:23:24 -06:00
Layout.c libdthelp: Resolve uninitialized warnings 2021-12-24 10:50:27 -07:00
LayoutUtil.c Merge branch 'master' into dtdocbook 2022-01-30 08:04:32 +08:00
LayoutUtilI.h DtHelp: support ending the lines which contains multibyte characters. 2021-12-06 07:31:21 +08:00
LinkMgr.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
LinkMgrI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
Linux.lcx
Lock.h
Makefile.am Remove detected -lcrypt flag 2022-08-06 11:31:50 -06:00
Messages.c
MessagesP.h
NetBSD.lcx
Obsolete.c
ObsoleteP.h
OpenBSD.lcx
PathArea.c
PathAreaI.h
Print.c Discontinue HPUX support 2022-07-23 17:49:33 -06:00
PrintI.h
Resize.c
ResizeI.h
SDLI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
Selection.c handle missing return values 2025-12-18 22:58:26 +01:00
SelectionI.h
SetList.c Centralize catgets() calls through MsgCat 2021-06-02 19:55:15 -06:00
StringFuncs.c Discontinue HPUX support 2022-07-23 17:49:33 -06:00
StringFuncsI.h
SunOS.lcx
UtilSDL.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
UtilSDLI.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
VirtFuncs.c DtHelp: keep processing even when some fonts are missing. 2022-01-26 19:50:38 +08:00
VirtFuncsI.h
VolSelect.c
VolSelectI.h
XInterface.c DtHelp: Apply graceful degradation for font loading to avoid a segmentation 2021-12-06 06:42:32 +08:00
XInterfaceI.h
XUICreate.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
XbmUtils.c
bufio.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
comment.txt
decompress.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
fmt_tbl.msg
mapfile.reorder