lang/caml-light/patches/patch-yacc_main_c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

$NetBSD: patch-yacc_main_c,v 1.2 2012/10/20 22:11:30 joerg Exp $

Avoid insecure use of mktemp().

--- yacc/main.c~	1995-06-07 09:34:32.000000000 -0400
+++ yacc/main.c	2008-09-04 22:15:26.000000000 -0400
@@ -1,4 +1,5 @@
 #include <signal.h>
+#include <stdlib.h> /* for mkstemp(), getenv() */
 #include "defs.h"
 
 char dflag;
@@ -31,6 +32,11 @@ char *text_file_name;
 char *union_file_name;
 char *verbose_file_name;
 
+static int action_fd = -1;
+static int entry_fd = -1;
+static int text_fd = -1;
+static int union_fd = -1;
+
 FILE *action_file;	/*  a temp file, used to save actions associated    */
 			/*  with rules until the parser is written	    */
 FILE *entry_file;
@@ -69,9 +75,6 @@ char  *rassoc;
 short **derives;
 char *nullable;
 
-extern char *mktemp();
-extern char *getenv();
-
 
 done(k)
 int k;
@@ -121,7 +124,7 @@ usage()
     exit(1);
 }
 
-getargs(argc, argv)
+void getargs(argc, argv)
 int argc;
 char *argv[];
 {
@@ -276,12 +279,21 @@ create_file_names()
     union_file_name[len + 5] = 'u';
 
 #ifndef NO_UNIX
-    mktemp(action_file_name);
-    mktemp(entry_file_name);
-    mktemp(text_file_name);
-    mktemp(union_file_name);
+    action_fd = mkstemp(action_file_name);
+    entry_fd = mkstemp(entry_file_name);
+    text_fd = mkstemp(text_file_name);
+    union_fd = mkstemp(union_file_name);
 #endif
 
+    if (action_fd < 0)
+	open_error(action_file_name);
+    if (entry_fd < 0)
+	open_error(entry_file_name);
+    if (text_fd < 0)
+	open_error(text_file_name);
+    if (union_fd < 0)
+	open_error(union_file_name);
+
     len = strlen(file_prefix);
 
     output_file_name = MALLOC(len + 7);
@@ -321,15 +333,15 @@ open_files()
 	    open_error(input_file_name);
     }
 
-    action_file = fopen(action_file_name, "w");
+    action_file = fdopen(action_fd, "w");
     if (action_file == 0)
 	open_error(action_file_name);
 
-    entry_file = fopen(entry_file_name, "w");
+    entry_file = fdopen(entry_fd, "w");
     if (entry_file == 0)
 	open_error(entry_file_name);
 
-    text_file = fopen(text_file_name, "w");
+    text_file = fdopen(text_fd, "w");
     if (text_file == 0)
 	open_error(text_file_name);
 
@@ -345,7 +357,7 @@ open_files()
 	defines_file = fopen(defines_file_name, "w");
 	if (defines_file == 0)
 	    open_error(defines_file_name);
-	union_file = fopen(union_file_name, "w");
+	union_file = fdopen(union_fd, "w");
 	if (union_file ==  0)
 	    open_error(union_file_name);
     }