- Fixed an unsafe use of gettempname().

- Call gettempname() with its new args.
author: Wayne Davison <wayned@users.sourceforge.net> 2004-10-18 19:07:50 +0000
committer: Wayne Davison <wayned@users.sourceforge.net> 2004-10-18 19:07:50 +0000
commit: 9a4cf8cf7240a4d029acd23420ffd877de16d1f1 (patch)
tree: 95ccbfe242c35617a1718354e8cfc5030b3fde27
parent: 1637c4eba690a60cd90dde0d81a3b1ebb0dac68b (diff)
download: zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.tar.gz
zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.tar.xz
zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/Src/builtin.c b/Src/builtin.c
index 43fe7803a..dcf856cc1 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -1445,7 +1445,7 @@ bin_fc(char *nam, char **argv, Options ops, int func)
 	char *fil;
 
 	retval = 1;
-	fil = gettempname();
+	fil = gettempname(NULL, 1);
 	if (((tempfd = open(fil, O_WRONLY | O_CREAT | O_EXCL | O_NOCTTY, 0600))
 	     == -1) ||
 	    ((out = fdopen(tempfd, "w")) == NULL)) {
@@ -3534,8 +3534,10 @@ bin_print(char *name, char **args, Options ops, int func)
     	if ((fout = open_memstream(&buf, &mcount)) == NULL)
 	    zwarnnam(name, "open_memstream failed", NULL, 0);
 #else
-	char *tmpf = gettempname();
-    	if ((fout = fopen(tmpf, "w+")) == NULL)
+	int tempfd;
+	char *tmpf = gettempname(NULL, 1);
+	if ((tempfd = open(tmpf, O_RDWR|O_CREAT|O_EXCL, 0644)) < 0
+	 || (fout = fdopen(tempfd, "w+")) == NULL)
 	    zwarnnam(name, "can't open temp file: %e", NULL, errno);
 	unlink(tmpf);
 #endif
author	Wayne Davison <wayned@users.sourceforge.net>	2004-10-18 19:07:50 +0000
committer	Wayne Davison <wayned@users.sourceforge.net>	2004-10-18 19:07:50 +0000
commit	9a4cf8cf7240a4d029acd23420ffd877de16d1f1 (patch)
tree	95ccbfe242c35617a1718354e8cfc5030b3fde27
parent	1637c4eba690a60cd90dde0d81a3b1ebb0dac68b (diff)
download	zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.tar.gz zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.tar.xz zsh-9a4cf8cf7240a4d029acd23420ffd877de16d1f1.zip