Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 17 Feb 2001 19:28:00 +0100 (CET)
From:      xpaint@oldach.net
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        hmo@sep.hamburg.com
Subject:   ports/25176: ports/graphics/xpaint temporary file problem
Message-ID:  <200102171828.f1HIS0u49879@sep.hamburg.com>
next in thread | raw e-mail | index | archive | help 

>Number:         25176
>Category:       ports
>Synopsis:       ports/graphics/xpaint 2.6.1 allocates temporary files with illegal names
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 17 10:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Helge Oldach
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

openTemp() in readRC.c allocates wrong space, resulting in an illegal
filename.

>Description:

	static FILE *
	openTemp(char **np)
	{
	    char *n;
	    char xx[256];

	    if ((n = getenv("TMPDIR")) == NULL)
		n = "/tmp";

	    strcpy(xx, n);
	    strcat(xx, "/XPaintXXXXXXX");
	#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
	    if ((fd = mkstemp(xx) < 0))
		return (FILE *) NULL;
	    tempName[++tempIndex] = XtNewString(n);
	    /********************************* ^^^ ***************************/
	    if (np != NULL)
		*np = tempName[tempIndex];
	    return fdopen(fd, "w");
	#else
	    n = mktemp(xx);
	    tempName[++tempIndex] = XtNewString(n);
	    if (np != NULL)
		*np = tempName[tempIndex];
	    return fopen(tempName[tempIndex], "w");
	#endif
	}

XtNewString(n) basically is (strcpy(XtMalloc((unsigned) strlen(n) + 1), n))

At the marked line, XtNewString copies n but in fact should copy xx, as
this is the temporary file name previously created by mkstemp(). This
apparently is a simple copy error from the non-FreeBSD code.

The effect is that a too short temporary filename is allocated, in fact
it's just TMPDIR (or /tmp) which is a directory and not a legal filename.

>How-To-Repeat:

make

>Fix:

Replace "XtNewString(n)" with "XtNewString(xx)" in
ports/graphics/xpaint/files/patch-ae.


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102171828.f1HIS0u49879>