falso
/
cdesktopenv
mirror of https://git.code.sf.net/p/cdesktopenv/code
1
0
Fork 0
Code Issues Releases Wiki Activity
cdesktopenv/cde/programs/dtpad
History
Trung Lê 72d0164644 Security: replace tmpnam() with mkstemp() 
tmpnam() is inherently insecure due to race conditions between
filename generation and file creation (CWE-377). Replace all
occurrences with mkstemp() which atomically creates the file.

Pattern used (portable, already used elsewhere in CDE):
  strcpy(tmpName, "/tmp/dtXXX_XXXXXX");
  { int _tf = mkstemp(tmpName); if (_tf >= 0) close(_tf); }

Files modified:
- lib/DtHelp/Access.c (2 occurrences)
- lib/DtSvc/DtUtil1/DtsMM.c (1 occurrence)
- lib/DtWidget/Editor.c (2 occurrences)
- lib/DtWidget/SearchCalls.c (1 occurrence)
- programs/dtcreate/main.c (2 occurrences)
- programs/dticon/main.c (1 occurrence)
- programs/dtlogin/policy.c (1 occurrence)
- programs/dtpad/fileIo.c (1 occurrence)
- programs/dtpdm/PdmXp.c (1 occurrence)
- programs/dtpdmd/manager.c (1 occurrence)
- programs/dtspcd/main.c (1 occurrence)
- programs/dtwm/WmResParse.c (1 occurrence)

Note: dtksh/ksh93 directory intentionally skipped (vendored code)
 		2026-01-29 17:10:18 +11:00
..
Dtpad
Makefile.am configure/Makefiles: add checks for Xmu, Xext, and Xdmcp 2021-12-21 16:42:22 -07:00
dtpad.c dtpad: fix implicit-function-declaration warnings 2021-11-12 16:37:02 -07:00
dtpad.h Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
dtpad.msg
editCB.c
fileCB.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
fileDlg.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
fileIo.c Security: replace tmpnam() with mkstemp() 2026-01-29 17:10:18 +11:00
formatCB.c
help.h
helpCB.c
helpDlg.c
main.c handle missing return values 2025-12-18 22:58:26 +01:00
mapfile.reorder
messageParam.h
optionsCB.c
printJob.c dtpad: Change to ANSI function definitions 2018-06-28 04:24:03 +01:00
printOutput.c
printSetup.c Discontinue HPUX support 2022-07-23 17:49:33 -06:00
session.c dticon, dtpad, dtterm: fix session save issues (sprintf bogosity) 2023-02-18 15:40:08 -07:00
ttMsgSupport.c Handle changes needed for C23 compatibility that turns on strict ansi prototypes by default. C23 is now the default for GCC 15 2025-12-31 15:06:27 +00:00
ttSaveSupport.c Spelling fixes 2018-05-31 22:23:19 -06:00