freebsd-ports/graphics/graphviz/files/patch-dotty::dotty.lefty
Christian Weisgerber aa27779311 Upstream fix for very insecure temp file creation in example script
(CVE-2005-2965).

Approved by:	perky
2005-10-29 19:13:43 +00:00


--- dotty/dotty.lefty.orig
+++ dotty/dotty.lefty
@@ -668,7 +668,10 @@
if (~(otype = ask ('print to', 'choice', 'file|printer')))
return;
if (otype == 'printer') {
- name = '/tmp/dottyout.ps';
+ if (~getenv ('TMPDIR'))
+ name = concat (getenv ('HOME'), '/.dottyout.ps');
+ else
+ name = concat (getenv ('TMPDIR'), '/.dottyout.ps', random (10000));
if (getenv ('LEFTYWINSYS') ~= 'mswin' & ~pr)
if (~(pr = ask ('printer command', 'string', 'lpr')))
return;
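Review bot: The TMPDIR branch still yields a guessable file name, because `random (10000)` allows at most 10000 candidates and nothing in the visible lines creates the file exclusively, so in a shared, world-writable TMPDIR the name can be anticipated by another local user. The file should either live in a directory only the user can write to, or be created by a helper that fails when the name already exists (for example mktemp(1)); a comment such as `# name is predictable; only safe when TMPDIR is private to the user` would at least record the assumption. The HOME branch also assumes `getenv ('HOME')` is set; if it is not, the path presumably degrades to `/.dottyout.ps`, so a guard that returns early would be safer. The enclosing function starts and ends outside the hunk.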
@@ -768,5 +771,5 @@
vt.canvas = canvas;
destroywidget (pscanvas);
if (otype == 'printer' & getenv ('LEFTYWINSYS') ~= 'mswin')
- system (concat (pr, ' /tmp/dottyout.ps; rm /tmp/dottyout.ps'));
+ system (concat (pr, ' ', name, '; rm ',name));
};
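Review bot: `name` is now built from the TMPDIR/HOME environment values and pasted unquoted into the shell command, so a directory name containing whitespace or shell metacharacters changes what `system` runs, whereas the removed line used a constant path. Quote both uses, e.g. `system (concat (pr, ' "', name, '"; rm "', name, '"'));`, which handles whitespace; a value containing `"`, `$` or backquotes would still need to be rejected before use. This line also relies on `name` still holding the value assigned in the earlier hunk, and the code between the two hunks is not visible here. The enclosing function starts and ends outside the hunk.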