pkgsrc/security/tripwire/patches/patch-af

$NetBSD: patch-af,v 1.1 2003/12/05 05:40:32 ben Exp $

--- src/dbase.build.c.orig	1994-07-25 08:24:09.000000000 -0700
+++ src/dbase.build.c
@@ -66,7 +66,6 @@ static char rcsid[] = "$Id: dbase.build.
 int files_scanned_num = 0;
 
 /* prototypes */
-char *mktemp();
 static void database_record_write();
 
 char backupfile[MAXPATHLEN+256];
@@ -92,6 +91,7 @@ database_build (pp_list, mode, pp_entry_
 {
     struct list_elem *p_fileentry;
     struct list_elem *p_configentry;
+    int fdw;
     FILE *fpw;
     char database[MAXPATHLEN+256];
     int entrynum,
@@ -130,11 +130,12 @@ database_build (pp_list, mode, pp_entry_
 	    die_with_err("malloc() failed in database_build", (char *) NULL);
 	(void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
 
-	if ((char *) mktemp(tmpfilename) == NULL)
-	    die_with_err("database_build: mktemp()", (char *) NULL);
+	fdw = mkstemp(tmpfilename);
+	if (fdw == -1)
+	    die_with_err("database_build: mkstemp()", (char *) NULL);
+	unlink(tmpfilename);
 
-	(void) strcpy(tempdatabase_file, tmpfilename);
-	(void) strcpy(database, tempdatabase_file);
+	(void) strcpy(database, tmpfilename);
 	free(tmpfilename);
     }					/* end if temporary database */
     else if (mode == DBASE_UPDATE) {
@@ -224,6 +225,11 @@ printf("database_build(): ---> olddataba
     }
 
     /* rebuild the database */
+    if (mode == DBASE_TEMPORARY) {
+	fpw = fdopen(fdw, "w+");
+	if (fpw == NULL)
+		die_with_err("call fdopen() failed.", NULL);
+    } else
     if ((fpw = fopen(database, "w")) == NULL)
 	die_with_err("Hint: Maybe the database directory '%s' doesn't exist?  fopen()", database);
 
@@ -367,10 +373,10 @@ printf("--(contents)-->%s\n", entry); 
 	  die_with_err("database_build: list_close() failed!\n", (char *) NULL);
     }
 
-    /* we don't want to allow anyone to spoof the temporary file in /tmp */
+    /* If the database was temporary, the file was unlink()ed, and is
+	"hidden" from other processes. */
     if (mode == DBASE_TEMPORARY) {
-	if ((fptempdbase = freopen(database, "r", fpw)) == NULL)
-	    die_with_err("temporary database file disappeared?!?", database);
+	fptempdbase = fpw;
 	rewind(fptempdbase);
     } else {
 	fclose(fpw);
Replace all uses of mktemp() with mkstemp() and close PR 23640. 2003-12-05 06:40:32 +01:00			$NetBSD: patch-af,v 1.1 2003/12/05 05:40:32 ben Exp $

			`--- src/dbase.build.c.orig 1994-07-25 08:24:09.000000000 -0700`
			`+++ src/dbase.build.c`
			`@@ -66,7 +66,6 @@ static char rcsid[] = "$Id: dbase.build.`
			`int files_scanned_num = 0;`

			`/* prototypes */`
			`-char *mktemp();`
			`static void database_record_write();`

			`char backupfile[MAXPATHLEN+256];`
			`@@ -92,6 +91,7 @@ database_build (pp_list, mode, pp_entry_`
			`{`
			`struct list_elem *p_fileentry;`
			`struct list_elem *p_configentry;`
			`+ int fdw;`
			`FILE *fpw;`
			`char database[MAXPATHLEN+256];`
			`int entrynum,`
			`@@ -130,11 +130,12 @@ database_build (pp_list, mode, pp_entry_`
			`die_with_err("malloc() failed in database_build", (char *) NULL);`
			`(void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);`

			`- if ((char *) mktemp(tmpfilename) == NULL)`
			`- die_with_err("database_build: mktemp()", (char *) NULL);`
			`+ fdw = mkstemp(tmpfilename);`
			`+ if (fdw == -1)`
			`+ die_with_err("database_build: mkstemp()", (char *) NULL);`
			`+ unlink(tmpfilename);`

			`- (void) strcpy(tempdatabase_file, tmpfilename);`
			`- (void) strcpy(database, tempdatabase_file);`
			`+ (void) strcpy(database, tmpfilename);`
			`free(tmpfilename);`
			`} /* end if temporary database */`
			`else if (mode == DBASE_UPDATE) {`
			`@@ -224,6 +225,11 @@ printf("database_build(): ---> olddataba`
			`}`

			`/* rebuild the database */`
			`+ if (mode == DBASE_TEMPORARY) {`
			`+ fpw = fdopen(fdw, "w+");`
			`+ if (fpw == NULL)`
			`+ die_with_err("call fdopen() failed.", NULL);`
			`+ } else`
			`if ((fpw = fopen(database, "w")) == NULL)`
			`die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);`

			`@@ -367,10 +373,10 @@ printf("--(contents)-->%s\n", entry);`
			`die_with_err("database_build: list_close() failed!\n", (char *) NULL);`
			`}`

			`- /* we don't want to allow anyone to spoof the temporary file in /tmp */`
			`+ /* If the database was temporary, the file was unlink()ed, and is`
			`+ "hidden" from other processes. */`
			`if (mode == DBASE_TEMPORARY) {`
			`- if ((fptempdbase = freopen(database, "r", fpw)) == NULL)`
			`- die_with_err("temporary database file disappeared?!?", database);`
			`+ fptempdbase = fpw;`
			`rewind(fptempdbase);`
			`} else {`
			`fclose(fpw);`