tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):

    strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
    { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)
Note: dtksh/ksh93 directory intentionally skipped (vendored code)
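
An added example, not code from the CDE commit: for callers that can work with a descriptor rather than a filename, this variant keeps the descriptor mkstemp() returns and checks the file with fstat() before using it. The helper names `open_private_temp` and `temp_roundtrip` and the `/tmp/dtex_` prefix are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a private temp file and return its open
 * descriptor; the generated name is written to `path`. Returns -1 on error. */
int open_private_temp(char *path, size_t len)
{
    struct stat st;
    int n = snprintf(path, len, "/tmp/dtex_XXXXXX"); /* constructed prefix */
    if (n < 0 || (size_t)n >= len)
        return -1;                  /* a truncated template must not be used */

    int fd = mkstemp(path);         /* name generation and O_EXCL create in one step */
    if (fd < 0)
        return -1;

    /* Inspect the object we hold open, not whatever the name now refers to. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Write `msg` and read it back through the same descriptor; 0 on success. */
int temp_roundtrip(const char *msg)
{
    char path[64], buf[128] = {0};
    size_t want = strlen(msg);
    if (want >= sizeof buf)
        return -1;
    int fd = open_private_temp(path, sizeof path);
    if (fd < 0)
        return -1;
    int ok = write(fd, msg, want) == (ssize_t)want &&
             lseek(fd, 0, SEEK_SET) == 0 &&
             read(fd, buf, sizeof buf - 1) == (ssize_t)want &&
             strcmp(buf, msg) == 0;
    close(fd);
    unlink(path);                   /* remove the name once the data is no longer needed */
    return ok ? 0 : -1;
}
```
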

| Name | | |
|---|---|---|
| AddFiletype.c | ||
| AddFiletype.h | ||
| Confirmed.c | ||
| Confirmed.h | ||
| CreateActionAppShell.c | ||
| CreateActionAppShell.h | ||
| Dtcreate | ||
| ErrorDialog.c | ||
| ErrorDialog.h | ||
| FileCharacteristics.c | ||
| FileCharacteristics.h | ||
| Makefile.am | ||
| OpenFile.c | ||
| OpenFile.h | ||
| UxXt.c | ||
| UxXt.h | ||
| af_aux.c | ||
| af_aux.h | ||
| ca_aux.c | ||
| ca_aux.h | ||
| cmncbs.c | ||
| cmncbs.h | ||
| cmnrtns.c | ||
| cmnrtns.h | ||
| cmnutils.c | ||
| cmnutils.h | ||
| dtcreate.ddf | ||
| dtcreate.h | ||
| dtcreate.msg | ||
| dtcreate.sh | ||
| fileio.c | ||
| fileio.h | ||
| icon_selection_dialog.c | ||
| icon_selection_dialog.h | ||
| main.c | ||
| nlsREADME.txt | ||
| parser.c | ||
| parser.h | ||