This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
Security patch for binutils-2.11.92.0.10 (2nd try)...
- To: binutils at sources dot redhat dot com
- Subject: Security patch for binutils-2.11.92.0.10 (2nd try)...
- From: "Steven J. Hill" <sjhill at realitydiluted dot com>
- Date: Fri, 09 Nov 2001 08:57:18 -0600
- Cc: sjhill at cotw dot com
This is my second attempt at a small security patch to replace
all 'mktemp' calls (2 of them) with calls to 'mkstemp'. My
first patch was wrong because I neglected to close the open
file descriptor that gets returned by 'mkstemp'. This is now
fixed and should function properly. Thanks.
-Steve
diff -urN binutils-2.11.92.0.10/binutils/bucomm.c binutils-2.11.92.0.10-patched/binutils/bucomm.c
--- binutils-2.11.92.0.10/binutils/bucomm.c Mon Oct 1 17:25:22 2001
+++ binutils-2.11.92.0.10-patched/binutils/bucomm.c Fri Nov 9 08:43:38 2001
@@ -233,14 +233,14 @@
#endif
strcat (tmpname, "/");
strcat (tmpname, template);
- mktemp (tmpname);
+ close (mkstemp (tmpname));
*slash = c;
}
else
{
tmpname = xmalloc (sizeof (template));
strcpy (tmpname, template);
- mktemp (tmpname);
+ close (mkstemp (tmpname));
}
return tmpname;
}