[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FYI: maketemp builtin fixes [m4--devo--1.0--patch-15]
|
From: |
Gary V. Vaughan |
|
Subject: |
FYI: maketemp builtin fixes [m4--devo--1.0--patch-15] |
|
Date: |
Mon, 2 May 2005 22:22:44 +0100 (BST) |
|
User-agent: |
mailnotify/0.6 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Applied to HEAD.
* looking for address@hidden/m4--devo--1.0--patch-14 to compare with
* comparing to address@hidden/m4--devo--1.0--patch-14
M ChangeLog
M modules/m4.c
M doc/m4.texinfo
* modified files
Index: Changelog
from Matt Kraai <address@hidden> (tiny change)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84416
* doc/m4.texinfo (Maketemp): Change maketemp to refer to a new,
empty file rather than to a nonexistent file. This closes a
common security hole.
* modules/m4.c (m4_maketemp): Implement the above, by using
mkstemp rather than mktemp.
--- orig/doc/m4.texinfo
+++ mod/doc/m4.texinfo
@@ -22,7 +22,8 @@
@ifinfo
This file documents GNU @code{m4} @value{VERSION}
-Copyright (C) 1989, 1990, 1991, 1992, 1993, 1994, 1998, 1999, 2000, 2001
+Copyright (C) 1989, 1990, 1991, 1992, 1993, 1994, 1998, 1999, 2000,
+2001, 2004
Free Software Foundation, Inc.
Permission is granted to copy, distribute and/or modify this document
@@ -3465,28 +3466,21 @@
@deffn {Builtin (m4)} maketemp (@var{template})
There is a builtin macro, @code{maketemp}, for making temporary file
-names, which expands to a name of a non-existent file, made from the
+names, which expands to a name of a new, empty file, made from the
string @var{template}, which should end with the string @samp{XXXXXX}.
The six @code{X}'s are then replaced, usually with something that
includes the process id of the @code{m4} process, in order to make the
file name unique.
-The builtin macro @code{maketemp} is recognized only when given
-arguments.
address@hidden deffn
-
@comment ignore
@example
maketemp(`/tmp/fooXXXXXX')
@result{}/tmp/fooa07346
-maketemp(`/tmp/fooXXXXXX')
address@hidden/tmp/fooa07346
@end example
-As seen in the example, several calls of @code{maketemp} might expand to
-the same string, since the selection criteria is whether the file exists
-or not. If a file has not been created before the next call, the two
-macro calls might expand to the same name.
+The builtin macro @code{maketemp} is recognized only when given
+arguments.
address@hidden deffn
@node Miscellaneous
@chapter Miscellaneous builtin macros
--- orig/modules/m4.c
+++ mod/modules/m4.c
@@ -610,7 +610,14 @@
/* Use the first argument as at template for a temporary file name. */
M4BUILTIN_HANDLER (maketemp)
{
- mktemp (M4ARG (1));
+ int fd;
+ if ((fd = mkstemp (M4ARG(1))) < 0)
+ {
+ M4ERROR ((m4_get_warning_status_opt (context), errno,
+ "Cannot create tempfile %s", M4ARG (1)));
+ return;
+ }
+ close(fd);
m4_shipout_string (context, obs, M4ARG (1), 0, false);
}
- --
Gary V. Vaughan ())_. address@hidden,gnu.org}
Research Scientist ( '/ http://tkd.kicks-ass.net
GNU Hacker / )= http://www.gnu.org/software/libtool
Technical Author `(_~)_ http://sources.redhat.com/autobook
_________________________________________________________
This patch notification generated by tlaapply version 0.9
http://tkd.kicks-ass.net/arch/address@hidden/cvs-utils--tla--1.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCdpojFRMICSmD1gYRArnJAJ99B0wobLEGR9TbSqRLcJHiqJdsYQCgx8ID
W2ZcRNWozwuFA+YOsYtq2ro=
=eMH2
-----END PGP SIGNATURE-----
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- FYI: maketemp builtin fixes [m4--devo--1.0--patch-15],
Gary V. Vaughan <=