Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jarno Huuskonen (Jarno.Huuskonenuku.fi)
Date: Sun Feb 04 2001 - 12:07:06 CST
xrn-9.02 creates insecure temporary filenames. tempnam.c has a
function called utTempnam that uses getpid() for creating the unique
filename. This filename is then opened with fopen.
Fortunately utTempnam seems to use $TEMPDIR if it's set.
Also utils.c has a utTempFile function that creates a temporary
filename in the same directory as original filename(parameter)
(same problem with getpid() --> fopen).
(Also most? of the sprintf/strcpy/strcat calls don't check
for possible overflow. It might be a good idea to check for a
possibility of remote overflow.)
-- Jarno Huuskonen - System Administrator | Jarno.Huuskonenuku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169