Diffstat (limited to 'app-editors/nedit/files/nedit-5.6-security.patch')
-rw-r--r--app-editors/nedit/files/nedit-5.6-security.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/app-editors/nedit/files/nedit-5.6-security.patch b/app-editors/nedit/files/nedit-5.6-security.patch
new file mode 100644
index 000000000000..b24ef2355a3c
--- /dev/null
+++ b/app-editors/nedit/files/nedit-5.6-security.patch
@@ -0,0 +1,63 @@
+Index: nedit-5.5/source/file.c
+===================================================================
+--- nedit-5.5.orig/source/file.c 2004-08-24 11:37:24.000000000 +0200
++++ nedit-5.5/source/file.c 2010-03-27 18:44:01.000000000 +0100
+@@ -1314,7 +1314,7 @@
+ */
+ void PrintString(const char *string, int length, Widget parent, const char *jobName)
+ {
+- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
++ char *tmpFileName=strdup("/tmp/neditXXXXXX");
+ FILE *fp;
+ int fd;
+
+@@ -1325,14 +1325,10 @@
+ 1. Create a filename
+ 2. Open the file with the O_CREAT|O_EXCL flags
+ So all an attacker can do is a DoS on the print function. */
+- tmpnam(tmpFileName);
++ fd = mkstemp(tmpFileName);
+
+ /* open the temporary file */
+-#ifdef VMS
+- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
+-#else
+- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
+-#endif /* VMS */
++ if ((fp = fdopen(fd, "w")) == NULL)
+ {
+ DialogF(DF_WARN, parent, 1, "Error while Printing",
+ "Unable to write file for printing:\n%s", "OK",
+@@ -1346,7 +1342,7 @@
+
+ /* write to the file */
+ #ifdef IBM_FWRITE_BUG
+- write(fileno(fp), string, length);
++ write(fd, string, length);
+ #else
+ fwrite(string, sizeof(char), length, fp);
+ #endif
+@@ -1356,6 +1352,7 @@
+ "%s not printed:\n%s", "OK", jobName, errorString());
+ fclose(fp); /* should call close(fd) in turn! */
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1366,6 +1363,7 @@
+ "Error closing temp. print file:\n%s", "OK",
+ errorString());
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1377,6 +1375,7 @@
+ PrintFile(parent, tmpFileName, jobName);
+ remove(tmpFileName);
+ #endif /*VMS*/
++ free(tmpFileName);
+ return;
+ }
+
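Review bot: The results of `strdup()` and `mkstemp()` in PrintString are never checked: a NULL from `strdup` is passed straight to `mkstemp`, and a failed `mkstemp` only surfaces through `fdopen(-1, "w")`, so the warning dialog would presumably show the fdopen error rather than the reason no temp file could be created. A writable stack buffer, `char tmpFileName[] = "/tmp/neditXXXXXX";`, removes the allocation and the three added `free()` calls, and the open test can become `if (fd < 0 || (fp = fdopen(fd, "w")) == NULL)`. The rest of that error branch lies outside the hunk; if it returns there, as it appears to, the patch as written leaks the strdup'd name, and a descriptor and file left by a successful `mkstemp` followed by a failed `fdopen` are never closed or removed. The context comment ending in "DoS on the print function" still describes the old tmpnam/O_EXCL sequence and should be reworded to say the file is now created atomically by `mkstemp`.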