--- netpbm-10.34/lib/libpm.c- 2007-08-19 19:44:09 +0400 +++ netpbm-10.34/lib/libpm.c 2007-08-19 20:00:34 +0400 @@ -701,150 +701,34 @@ pm_openw(const char * const name) { -static const char * -tmpDir(void) { -/*---------------------------------------------------------------------------- - Return the name of the directory in which we should create temporary - files. - - The name is a constant in static storage. ------------------------------------------------------------------------------*/ - const char * tmpdir; - /* running approximation of the result */ - - tmpdir = getenv("TMPDIR"); /* Unix convention */ - - if (!tmpdir || strlen(tmpdir) == 0) - tmpdir = getenv("TMP"); /* Windows convention */ - - if (!tmpdir || strlen(tmpdir) == 0) - tmpdir = getenv("TEMP"); /* Windows convention */ - - if (!tmpdir || strlen(tmpdir) == 0) - tmpdir = TMPDIR; - - return tmpdir; -} - - - -static int -mkstempx(char * const filenameBuffer) { -/*---------------------------------------------------------------------------- - This is meant to be equivalent to POSIX mkstemp(). - - On some old systems, mktemp() is a security hazard that allows a hacker - to read or write our temporary file or cause us to read or write some - unintended file. On other systems, mkstemp() does not exist. - - A Windows/mingw environment is one which doesn't have mkstemp() - (2006.06.15). - - We assume that if a system doesn't have mkstemp() that its mktemp() - is safe, or that the total situation is such that the problems of - mktemp() are not a problem for the user. ------------------------------------------------------------------------------*/ - int retval; - int fd; - unsigned int attempts; - bool gotFile; - bool error; - - for (attempts = 0, gotFile = FALSE, error = FALSE; - !gotFile && !error && attempts < 100; - ++attempts) { - - char * rc; - rc = mktemp(filenameBuffer); - - if (rc == NULL) - error = TRUE; - else { - int rc; - - rc = open(filenameBuffer, O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); - - if (rc == 0) { - fd = rc; - gotFile = TRUE; - } else { - if (errno == EEXIST) { - /* We'll just have to keep trying */ - } else - error = TRUE; - } - } - } - if (gotFile) - retval = fd; - else - retval = -1; - - return retval; -} - - - -static int -mkstemp2(char * const filenameBuffer) { - -#if HAVE_MKSTEMP - if (0) - mkstempx(NULL); /* defeat compiler unused function warning */ - return mkstemp(filenameBuffer); -#else - return mkstempx(filenameBuffer); -#endif -} - - - void pm_make_tmpfile(FILE ** const filePP, const char ** const filenameP) { int fd; - FILE * fileP; - const char * filenameTemplate; - char * filenameBuffer; /* malloc'ed */ - unsigned int fnamelen; - const char * tmpdir; - const char * dirseparator; - - fnamelen = strlen (pm_progname) + 10; /* "/" + "_XXXXXX\0" */ + FILE * fp; + char * tmpfile = NULL; /* malloc'ed */ + const char * tmpdir = getenv("TMPDIR"); - tmpdir = tmpDir(); + if (!tmpdir || !*tmpdir) + tmpdir = P_tmpdir; - if (tmpdir[strlen(tmpdir) - 1] == '/') - dirseparator = ""; - else - dirseparator = "/"; - - asprintfN(&filenameTemplate, "%s%s%s%s", - tmpdir, dirseparator, pm_progname, "_XXXXXX"); - - if (filenameTemplate == NULL) + if (asprintfN(&tmpfile, "%s/%s.XXXXXXXX", tmpdir, pm_progname) < 0) pm_error("Unable to allocate storage for temporary file name"); - filenameBuffer = strdup(filenameTemplate); - - fd = mkstemp2(filenameBuffer); - + fd = mkstemp(tmpfile); if (fd < 0) pm_error("Unable to create temporary file according to name " "pattern '%s'. mkstemp() failed with " - "errno %d (%s)", filenameTemplate, errno, strerror(errno)); - else { - fileP = fdopen(fd, "w+b"); + "errno %d (%s)", tmpfile, errno, strerror(errno)); - if (fileP == NULL) + fp = fdopen(fd, "w+b"); + if (!fp) pm_error("Unable to create temporary file. fdopen() failed " "with errno %d (%s)", errno, strerror(errno)); - } - strfree(filenameTemplate); - *filenameP = filenameBuffer; - *filePP = fileP; + *filenameP = tmpfile; + *filePP = fp; }