dtdbcache: Use mkstemp() instead of tmpnam() to avoid bad interactions

Patch from Aaron W. Hsu <arcfide@sacrideo.us>

diff --git a/cde/lib/DtSvc/DtUtil1/MMDb.c b/cde/lib/DtSvc/DtUtil1/MMDb.c
index 20a92602e493ef11f682e2f4804379c7190e047f..7891340e834d738557ac928e57727e8c4796ecb0 100644 (file)
--- a/cde/lib/DtSvc/DtUtil1/MMDb.c
+++ b/cde/lib/DtSvc/DtUtil1/MMDb.c
@@ -680,13 +680,25 @@ write_db(DtDtsMMHeader *header, void *index, int size, const char *CacheFile)
        /* unique file name instead. */
        char tmpnam_buf[L_tmpnam + 1];
 
+       if ((tmpfile = malloc(sizeof(_DTDTSMMTEMPDIR) +
+           sizeof(_DTDTSMMTEMPFILE) + 7)) == NULL) {
+               _DtSimpleError(DtProgName, DtError, NULL, tmpfile, NULL);
+               return 0;
+       }
+
+       sprintf(tmpfile, "%s/%sXXXXXX", _DTDTSMMTEMPDIR, _DTDTSMMTEMPFILE);
+       fd = mkstemp(tmpfile);
+
+       /*
        tmpfile = (char *)malloc(sizeof(_DTDTSMMTEMPDIR) +
                                 sizeof(_DTDTSMMTEMPFILE) + L_tmpnam + 3);
+
        tmpnam(tmpnam_buf);
        sprintf(tmpfile, "%s/%s%s", _DTDTSMMTEMPDIR, _DTDTSMMTEMPFILE,
                basename(tmpnam_buf));
 
        fd  = open(tmpfile, O_RDWR|O_CREAT, 0600);
+       */
        umask(cmask);
 
        if(fd ==  -1)