687e227b48
to fix a remotely exploitable format string vulnerability, but in the course of trying to make the new version actually build I discovered that it also has local tempfile vulnerabilities, among other problems.
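--- lib/cache.c.orig Sat Mar 3 17:42:43 2001
+++ lib/cache.c Mon Apr 30 00:16:57 2001
@@ -42,7 +42,7 @@
 }
 g_free (tempstr);
 
- srand (time (NULL));
+ srandomdev();
 tempstr = NULL;
 cachefile = NULL;
 do
@@ -54,7 +54,7 @@
 g_free (cachefile);
 
 cachefile = g_strdup_printf ("cache%ld",
- 1 + (long) (99999999.0 * rand () /
+ 1 + (long) (99999999.0 * random () /
 (RAND_MAX + 1.0)));
 tempstr = g_strdup_printf ("%s/%s", cachedir, cachefile);
 }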
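Review bot: An unpredictable `cache%ld` name does not by itself close the local tempfile race the description mentions; what decides that is how the file at `tempstr` is created, and that call lies outside both hunks (the `do` loop body and its condition are only partly visible). If the later open is not already exclusive, it should be, e.g. `fd = open (tempstr, O_WRONLY | O_CREAT | O_EXCL, 0600);` with a retry on `EEXIST`, or the loop could be replaced by `mkstemp()` on a `cacheXXXXXX` template under `cachedir`. Separately, the second hunk still divides by `RAND_MAX + 1.0`, which is the bound for `rand()` rather than `random()` (documented range 0 to 2^31-1); the scaling is only correct where the two coincide, so `2147483648.0` would state the intent directly. A short comment next to `srandomdev();` noting that it is BSD-specific would also help anyone carrying this patch to another platform.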