[src/netbsd-1-4]: src/usr.sbin/pkg_install/lib Pull up revision 1.14 (request...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b4e0d6e23c56
branches:  netbsd-1-4
changeset: 470260:b4e0d6e23c56
user:      he <he%NetBSD.org@localhost>
date:      Wed Feb 02 23:06:51 2000 +0000

description:
Pull up revision 1.14 (requested by hubertf):
  Improve security by using mkstemp(3) instead of mktemp(3).

diffstat:

 usr.sbin/pkg_install/lib/ftpio.c |  16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diffs (34 lines):

diff -r d7d3630b70f5 -r b4e0d6e23c56 usr.sbin/pkg_install/lib/ftpio.c
--- a/usr.sbin/pkg_install/lib/ftpio.c  Wed Feb 02 23:04:23 2000 +0000
+++ b/usr.sbin/pkg_install/lib/ftpio.c  Wed Feb 02 23:06:51 2000 +0000
@@ -1,8 +1,8 @@
-/*     $NetBSD: ftpio.c,v 1.11.2.3 2000/02/02 23:04:23 he Exp $        */
+/*     $NetBSD: ftpio.c,v 1.11.2.4 2000/02/02 23:06:51 he Exp $        */
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: ftpio.c,v 1.11.2.3 2000/02/02 23:04:23 he Exp $");
+__RCSID("$NetBSD: ftpio.c,v 1.11.2.4 2000/02/02 23:06:51 he Exp $");
 #endif
 
 /*
@@ -445,10 +445,16 @@
        char *s, buf[FILENAME_MAX];
        char tmpname[FILENAME_MAX];
        char best[FILENAME_MAX];
+       int tfd;
 
-       strcpy(tmpname, "/tmp/pkg.XXX");
-       mktemp(tmpname);
-       assert(tmpname != NULL);
+       strcpy(tmpname, "/tmp/pkg.XXXXXX");
+       tfd=mkstemp(tmpname);
+       if (tfd == -1) {
+               warnx("Cannot generate temp file for ftp(1)'s ls output");
+               return -1; /* error */
+       }
+       close(tfd); /* We don't need the file descriptor, but will use 
+                      the file in a second */
 
        s=strpbrk(pkg, "<>[]?*{"); /* Could leave out "[]?*" here;
                                    * ftp(1) is not that stupid */