--- xfig.3.2.4/f_readeps.c
+++ xfig.3.2.4/f_readeps.c 2003-05-06 12:07:54.000000000 +0200
@@ -258,7 +258,7 @@
 char buf[300];
 FILE *tmpfp, *pixfile, *gsfile;
 char *psnam, *driver;
- int status, wid, ht, nbitmap;
+ int status, wid, ht, nbitmap, fd;
 char tmpfile[PATH_MAX],
 pixnam[PATH_MAX],
 errnam[PATH_MAX],
@@ -274,8 +274,12 @@
 /* re-open the pipe */
 close_picfile(file, filetype);
 file = open_picfile(file, &filetype, PIPEOK, pixnam);
- sprintf(tmpfile, "%s/%s%06d", TMPDIR, "xfig-eps", getpid());
- if ((tmpfp = fopen(tmpfile, "wb")) == NULL) {
+ snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-eps.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(tmpfile)) == -1 || (tmpfp = fdopen(fd, "wb")) == NULL) {
+ if (fd != -1) {
+ unlink(tmpfile);
+ close(fd);
+ }
 file_msg("Couldn't open tmp file %s, %s", tmpfile, strerror(errno));
 return False;
 }
@@ -284,9 +288,21 @@
 fclose(tmpfp);
 }
 /* make name /TMPDIR/xfig-pic.pix */
- sprintf(pixnam, "%s/%s%06d.pix", TMPDIR, "xfig-pic", getpid());
+ snprintf(pixnam, sizeof(pixnam), "%s/xfig-pic.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(pixnam)) == -1) {
+ file_msg("Couldn't open tmp file %s, %s", pixnam, strerror(errno));
+ return False;
+ }
+ close(fd);
+
 /* and file name for any error messages from gs */
- sprintf(errnam, "%s/%s%06d.err", TMPDIR, "xfig-pic", getpid());
+ snprintf(errnam, sizeof(errnam), "%s/xfig-picerr.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(errnam)) == -1) {
+ file_msg("Couldn't open tmp file %s, %s", errnam, strerror(errno));
+ return False;
+ }
+ close(fd);
+
 /* generate gs command line */
 /* for monochrome, use pbm */
 if (tool_cells <= 2 || appres.monochrome) {
--- xfig.3.2.4/f_readgif.c
+++ xfig.3.2.4/f_readgif.c 2003-05-06 11:56:53.000000000 +0200
@@ -75,7 +75,7 @@
 char buf[BUFLEN],pcxname[PATH_MAX];
 FILE *giftopcx;
 struct Cmap localColorMap[MAX_COLORMAP_SIZE];
- int i, stat, size;
+ int i, stat, size, fd;
 int useGlobalColormap;
 unsigned int bitPixel, red, green, blue;
 unsigned char c;
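Review bot: In f_readeps.c at `@@ -274,8 +274,12 @@`, the new failure branch runs `unlink(tmpfile)` and `close(fd)` before `file_msg(..., strerror(errno))`, so when `fdopen` is the call that failed the message can report an errno value overwritten by the cleanup. Report first and clean up afterwards, as the f_util.c hunk in this patch does, or save the value with `int saved = errno;` at the top of the branch and print `strerror(saved)`. The w_srchrepl.c hunk at `@@ -811,9 +811,12 @@` has the same ordering. The enclosing function starts and ends outside the hunk.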
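Review bot: In f_readeps.c at `@@ -284,9 +288,21 @@`, the `return False` after a failed `mkstemp(errnam)` leaves the `pixnam` file created a few lines above on disk; add `unlink(pixnam);` before that return. Both new returns may also leave behind a `tmpfile` written in the previous hunk, which cannot be checked from the lines shown. Because `pixnam` and `errnam` are closed and later reopened by path, a comment such as `/* mkstemp() only reserves the name; gs reopens it by path */` would record that the protection relies on the temp directory not letting other users replace the file (sticky bit).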
@@ -172,7 +172,13 @@
 /* now call giftopnm and ppmtopcx */
 /* make name for temp output file */
- sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid());
+ snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(pcxname)) == -1) {
+ file_msg("Cannot create temporary file\n");
+ return FileInvalid;
+ }
+ close(fd);
+
 /* make command to convert gif to pcx into temp file */
 sprintf(buf, "giftopnm | ppmtopcx > %s 2> /dev/null", pcxname);
 if ((giftopcx = popen(buf,"w" )) == 0) {
--- xfig.3.2.4/f_readppm.c
+++ xfig.3.2.4/f_readppm.c 2003-05-06 11:56:53.000000000 +0200
@@ -33,10 +33,16 @@
 {
 char buf[BUFLEN],pcxname[PATH_MAX];
 FILE *giftopcx;
- int stat, size;
+ int stat, size, fd;
 /* make name for temp output file */
- sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid());
+ snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(pcxname)) == -1) {
+ file_msg("Cannot open temp file %s: %s\n", pcxname, strerror(errno));
+ return FileInvalid;
+ }
+ close(fd);
+
 /* make command to convert gif to pcx into temp file */
 sprintf(buf, "ppmtopcx > %s 2> /dev/null", pcxname);
 if ((giftopcx = popen(buf,"w" )) == 0) {
--- xfig.3.2.4/f_readtif.c
+++ xfig.3.2.4/f_readtif.c 2003-05-06 11:56:53.000000000 +0200
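Review bot: In f_readgif.c at `@@ -172,7 +172,13 @@`, the template is now bounded with `snprintf`, but the unchanged next statement still builds the shell command with `sprintf(buf, ...)`, copying a `pcxname` of up to PATH_MAX bytes into `buf[BUFLEN]` (BUFLEN is not visible here). Bound it too, `snprintf(buf, sizeof(buf), "giftopnm | ppmtopcx > %s 2> /dev/null", pcxname)`, and treat truncation as a failure. The path also reaches `popen` unquoted, and since main.c now accepts `$TMPDIR` as well, a directory name containing whitespace or shell metacharacters changes the command; quote the argument or reject such a value at startup. The f_readppm.c and f_readtif.c hunks build their commands the same way, and u_print.c at `@@ -491,10 +505,16 @@` appends `errfname` with `strcat`. The `file_msg` call in this hunk also omits the file name and `strerror(errno)` that the sibling hunks print.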
@@ -32,11 +32,16 @@
 {
 char buf[2*PATH_MAX+40],pcxname[PATH_MAX];
 FILE *tiftopcx;
- int stat;
+ int stat, fd;
 /* make name for temp output file */
- sprintf(pcxname, "%s/%s%06d.pix", TMPDIR, "xfig-pcx", getpid());
-
+ snprintf(pcxname, sizeof(pcxname), "%s/xfig-pcx.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(pcxname)) == -1) {
+ file_msg("Cannot open temp file %s: %s\n", pcxname, strerror(errno));
+ return FileInvalid;
+ }
+ close(fd);
+
 /* make command to convert tif to pnm then to pcx into temp file */
 /* for some reason, tifftopnm requires a file and can't work in a pipe */
 sprintf(buf, "tifftopnm %s 2> /dev/null | ppmtopcx > %s 2> /dev/null",
--- xfig.3.2.4/f_util.c
+++ xfig.3.2.4/f_util.c 2003-05-06 12:13:22.000000000 +0200
@@ -902,14 +902,20 @@
 char *name;
 {
 char line[RC_BUFSIZ+1], *tok;
+ int fd;
 /* make a temp filename in the user's home directory so we can just rename it to .xfigrc after creating it */
- sprintf(tmpname, "%s/%s%06d", userhome, "xfig-xfigrc", getpid());
- tmpf = fopen(tmpname,"wb");
- if (tmpf == 0) {
- file_msg("Can't make temporary file for .xfigrc - error: %s",strerror(errno));
- return -1;
+ snprintf(tmpname, sizeof(tmpname), "%s/xfig-xfigrc.XXXXXX", userhome);
+ if ((fd = mkstemp(tmpname)) == -1 || (tmpf = fdopen(fd, "wb")) == NULL) {
+ file_msg("Can't make temporary file for .xfigrc - error: %s",
+ strerror(errno));
+ if (fd != -1) {
+ unlink(tmpname);
+ close(fd);
+ }
+ return -1;
 }
 /* read the .xfigrc file and write all to temp file except file names */
 xfigrc = fopen(xfigrc_name,"r");
--- xfig.3.2.4/main.c
+++ xfig.3.2.4/main.c 2003-05-06 11:56:53.000000000 +0200
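Review bot: In f_util.c at `@@ -902,14 +902,20 @@`, `sizeof(tmpname)` is the buffer size only if `tmpname` is declared as an array; its declaration is outside the hunk, and if it is a `char *` the template is cut to the pointer size and `mkstemp` fails every time. The same needs confirming for `filename` in the w_srchrepl.c hunk at `@@ -811,9 +811,12 @@`. Separately, `mkstemp` creates the file with mode 0600, so if it is later renamed to `.xfigrc` as the comment describes, that file's permissions change with it; a short comment such as `/* created 0600 by mkstemp(); .xfigrc inherits that mode on rename */` would make the intent explicit.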
@@ -621,8 +621,10 @@
 update_figs = False;
 /* get the TMPDIR environment variable for temporary files */
- if ((TMPDIR = getenv("XFIGTMPDIR"))==NULL)
- TMPDIR = "/tmp";
+ if ((TMPDIR = getenv("XFIGTMPDIR"))==NULL) {
+ if ((TMPDIR = getenv("TMPDIR")) == NULL)
+ TMPDIR = "/tmp";
+ }
 /* first check args to see if user wants to scale the figure as it is read in and make sure it is a resonable (positive) number */
@@ -1631,7 +1633,14 @@
 if (userhome != NULL && *strcpy(cut_buf_name, userhome) != '\0') {
 strcat(cut_buf_name, "/.xfig");
 } else {
- sprintf(cut_buf_name, "%s/xfig%06d", TMPDIR, getpid());
+ int fd;
+ sprintf(cut_buf_name, "%s/xfig.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(cut_buf_name)) == -1) {
+ fprintf(stderr, "Can't create temporary file for cut_buff: %s\n",
+ strerror(errno));
+ exit(0);
+ }
+ close(fd);
 }
 }
--- xfig.3.2.4/mode.c
+++ xfig.3.2.4/mode.c 2003-05-06 11:56:53.000000000 +0200
@@ -93,7 +93,7 @@
 int cur_exp_lang; /* gets initialized in main.c */
 Boolean batch_exists = False;
-char batch_file[32];
+char batch_file[PATH_MAX];
 /*******************************************************************/
 /* If you change the order of the lang_items[] you must change the */
--- xfig.3.2.4/u_print.c
+++ xfig.3.2.4/u_print.c 2003-05-06 12:18:47.000000000 +0200
@@ -85,9 +85,16 @@
 char syspr[2*PATH_MAX+200];
 char tmpfile[PATH_MAX];
 char *name;
+ int fd;
- sprintf(tmpfile, "%s/%s%06d", TMPDIR, "xfig-print", getpid());
+ snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-print.XXXXXX", TMPDIR);
 warnexist = False;
+ if ((fd = mkstemp(tmpfile)) == -1) {
+ file_msg("Can't open temp file %s: %s\n", tmpfile, strerror(errno));
+ return;
+ }
+ close(fd);
+
 init_write_tmpfile();
 if (write_file(tmpfile, False)) {
 end_write_tmpfile();
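Review bot: In main.c at `@@ -621,8 +621,10 @@`, only NULL is tested, so an empty `XFIGTMPDIR` or `TMPDIR` is accepted and every template built from it starts at the root directory. Testing for the empty string as well, for example `if ((TMPDIR = getenv("TMPDIR")) == NULL || *TMPDIR == '\0')` and the equivalent for `XFIGTMPDIR`, keeps the `/tmp` fallback in that case. Since the value now comes from a general-purpose variable, this is also the place to reject a value too long to leave room for the file name in a PATH_MAX buffer.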
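Review bot: In main.c at `@@ -1631,7 +1633,14 @@`, the template is still written with an unbounded `sprintf(cut_buf_name, ...)` although `TMPDIR` comes from the environment; the size of `cut_buf_name` is not visible here, but a long enough value overruns it. Use `snprintf` with the buffer's declared size, as the rest of the patch does; `sprintf(batch_file, ...)` in w_print.c at `@@ -300,11 +301,20 @@` has the same problem. The failure path also calls `exit(0)`, which reports success to the parent process, so `exit(1)` fits this error better.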
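Review bot: In u_print.c at `@@ -85,9 +85,16 @@`, the descriptor returned by `mkstemp` is closed at once and `write_file(tmpfile, False)` reopens the path, which deserves a comment: `/* mkstemp() only reserves the name; write_file() reopens it by path */`. Every return after this point now leaves an empty file behind unless it unlinks `tmpfile`; the `write_file` failure branch continues outside the hunk, so that cannot be confirmed here. The hunk at `@@ -166,14 +173,21 @@` follows the same pattern with `tmp_fig_file`.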
@@ -166,14 +173,21 @@
 char tmp_name[PATH_MAX];
 char tmp_fig_file[PATH_MAX];
 char *outfile, *name, *real_lang;
+ int fd;
 /* if file exists, ask if ok */
 if (!ok_to_write(file, "EXPORT"))
 return (1);
- sprintf(tmp_fig_file, "%s/%s%06d", TMPDIR, "xfig-fig", getpid());
- /* write the fig objects to a temporary file */
+ snprintf(tmp_fig_file, sizeof(tmp_fig_file), "%s/xfig-fig.XXXXXX", TMPDIR);
 warnexist = False;
+ if ((fd = mkstemp(tmp_fig_file)) == -1) {
+ file_msg("Can't open temp file %s: %s\n", tmp_fig_file,
+ strerror(errno));
+ return 1;
+ }
+ close(fd);
+
 init_write_tmpfile();
 if (write_file(tmp_fig_file, False)) {
 end_write_tmpfile();
@@ -491,10 +505,16 @@
 char errfname[PATH_MAX];
 FILE *errfile;
 char str[400];
- int status;
+ int status, fd;
 /* make temp filename for any errors */
- sprintf(errfname, "%s/xfig-export%06d.err", TMPDIR, getpid());
+ snprintf(errfname, sizeof(errfname), "%s/xfig-export.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(errfname)) == -1) {
+ file_msg("Can't open temp file %s: %s\n", errfname, strerror(errno));
+ return 1;
+ }
+ close(fd);
+
 /* direct any output from fig2dev to this file */
 strcat(command, " 2> ");
 strcat(command, errfname);
--- xfig.3.2.4/w_print.c
+++ xfig.3.2.4/w_print.c 2003-05-06 12:20:46.000000000 +0200
@@ -289,9 +289,10 @@
 Widget w;
 {
 FILE *infp,*outfp;
- char tmp_exp_file[32];
+ char tmp_exp_file[PATH_MAX];
 char str[255];
 char backgrnd[10], grid[80];
+ int fd;
 if (writing_batch || emptyfigure_msg(print_msg))
 return;
@@ -300,11 +301,20 @@
 /* this could happen if the user presses the button too fast */
 writing_batch = True;
- /* make a temporary name to write the batch stuff to */
- sprintf(batch_file, "%s/%s%06d", TMPDIR, "xfig-batch", getpid());
 /* make a temporary name to write this figure to */
- sprintf(tmp_exp_file, "%s/%s%06d", TMPDIR, "xfig-exp", getpid());
- batch_exists = True;
+ snprintf(tmp_exp_file, sizeof(tmp_exp_file), "%s/xfig-exp.XXXXXX",
+ TMPDIR);
+
+ if (batch_exists != True) {
+ /* make a temporary name to write the batch stuff to */
+ sprintf(batch_file, "%s/xfig-batch.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(batch_file)) == -1) {
+ file_msg("Error creating temporary file");
+ return;
+ }
+ close(fd);
+ batch_exists = True;
+ }
 if (!print_popup)
 create_print_panel(w);
@@ -317,6 +327,12 @@
 /* make a #rrggbb string from the background color */
 make_rgb_string(export_background_color, backgrnd);
+ if ((fd = mkstemp(tmp_exp_file)) == -1) {
+ file_msg("Error creating temporary file");
+ return;
+ }
+ close(fd);
+
 /* get grid params and assemble into fig2dev parm */
 get_grid_spec(grid, print_grid_minor_text);
--- xfig.3.2.4/w_srchrepl.c
+++ xfig.3.2.4/w_srchrepl.c 2003-05-06 11:56:53.000000000 +0200
@@ -795,7 +795,7 @@
 char *cmd;
 char str[300];
 FILE *fp;
- int len, i;
+ int len, i, fd;
 Boolean done = FALSE;
 static int lines = 0;
@@ -811,9 +811,12 @@
 }
 lines = 0;
- sprintf(filename, "%s/xfig-spell.%d", TMPDIR, (int)getpid());
- fp = fopen(filename, "w");
- if (fp == NULL) {
+ snprintf(filename, sizeof(filename), "%s/xfig-spell.XXXXXX", TMPDIR);
+ if ((fd = mkstemp(filename)) == -1 || (fp = fdopen(fd, "w")) == NULL) {
+ if (fd != -1) {
+ unlink(filename);
+ close(fd);
+ }
 file_msg("Can't open temporary file: %s: %s\n", filename, strerror(errno));
 } else {
 /* locate all text objects and write them to file fp */
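Review bot: In w_print.c at `@@ -300,11 +301,20 @@`, the new `return` after a failed `mkstemp(batch_file)` comes after `writing_batch = True;`, and the guard at the top of the function (`if (writing_batch || ...) return;`, visible in the first w_print.c hunk) then rejects every later call. Unless the flag is cleared somewhere outside these hunks, reset it on the error path with `writing_batch = False;` before `return;`. The `mkstemp(tmp_exp_file)` failure return at `@@ -317,6 +327,12 @@` needs the same. Both `file_msg` calls would also be more useful with the path and `strerror(errno)`, as in the other files of this patch.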