Bug#983297: Substitute "mktemp" with "mkstemp"

Sun, 21 Feb 2021 18:15:15 -0800 

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 1da3e089210539ef445e6b32a393b9870f967df9 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
>Date: Mon, 22 Feb 2021 02:04:32 +0000
>Subject: [PATCH] Substitute "mktemp" with "mkstemp"

  Substitute "mktemp" with "mkstemp" in files "nntp.c" and
"contrib/recmail.c" as "mktemp" is unsafe,
see "man 3 mktemp".

Signed-off-by: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
---
 contrib/recmail.c | 4 ++--
 nntp.c            | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/contrib/recmail.c b/contrib/recmail.c
index 78670d9..25e5f45 100644
--- a/contrib/recmail.c
+++ b/contrib/recmail.c
@@ -48,7 +48,7 @@
 extern char *getlogin();
 extern char *getenv();
 extern char *malloc();
-extern char *mktemp();
+extern char *mkstemp();
 extern struct passwd *getpwnam();
 void get_host_name();
 
@@ -89,7 +89,7 @@ char **argv;
 /*  FIX  this could be much better */
        *tolist++ = MAILER;
        *tolist++ = "-f";
-       *tolist++ = mktemp(strcpy(mail_spool, mail_template));
+       *tolist++ = mkstemp(strcpy(mail_spool, mail_template));
        *tolist = pbuff;
 
        if ((sfd = fopen(mail_spool, "w")) == NULL){
diff --git a/nntp.c b/nntp.c
index 0ba296f..c1bee4c 100644
--- a/nntp.c
+++ b/nntp.c
@@ -120,7 +120,7 @@ int             nntp_debug = 0;
 extern char    *home_directory;
 extern int      silent;
 
-extern char    *mktemp();
+extern char    *mkstemp();
 
 static FILE    *nntp_in = NULL;        /* fp for reading from server */
 static FILE    *nntp_out = NULL;/* fp for writing to server */
@@ -996,7 +996,7 @@ nntp_get_active(void)
     if (!is_connected && connect_server() < 0)
        return -1;
 
-    new_name = mktemp(relative(db_directory, ".actXXXXXX"));
+    new_name = mkstemp(relative(db_directory, ".actXXXXXX"));
 
     switch (n = ask_server("LIST")) {
        case OK_GROUPS:
@@ -1053,7 +1053,7 @@ nntp_get_newsgroups(void)
     FILE           *new;
     int             n;
 
-    new_name = mktemp(relative(tmp_directory, "nngrXXXXXX"));
+    new_name = mkstemp(relative(tmp_directory, "nngrXXXXXX"));
     new = open_file(new_name, OPEN_CREATE_RW | OPEN_UNLINK);
     if (new == NULL)
        return NULL;
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Reply via email to