Sophie: xtel-3.3.0-11mdv2008.0 src

xtel-3.3.0-11mdv2008.0.src.rpm

--- xtel-3.3.0.orig/imprime.c
+++ xtel-3.3.0/imprime.c
@@ -28,26 +28,49 @@
 int mode;
 {
     FILE *fp;
-    char cmd[256], n[256];
+    int fd = -1;
+    char cmd[256];
+    char n[] = "/var/tmp/xtelXXXXXX";
+    /* crée le fichier de telle façon qu'il soit impossible de le détourner
+     * avec un lien symbolique préalablement établi.
+     */
+#ifdef HAS_MKSTEMP
+    fd = mkstemp(n);
+#else
+    if (mktemp(n) != NULL)
+	fd = open (n, O_CREAT | O_EXCL | O_WRONLY, 0600);
+#endif
 
-    sprintf (n, "/tmp/xtel%d.ppm", getpid());
-    if ((fp = fopen (n, "w")) == NULL) {
+    if (fd < 0) {
 	perror (n);
-	exit (1);
     }
-
-    if (mode == VIDEOTEX) {
-	videotexDumpScreen (ecran_minitel, fp);
-	sprintf (cmd, rsc_xtel.commandeImpression, n);
-    }
-    else { /* ASCII */
-	videotexConversionAscii (ecran_minitel, fp);
-	sprintf (cmd, rsc_xtel.commandeImpressionAscii, n);
+    else if ((fp = fdopen( fd, "wb" )) == NULL) {
+	close (fd);
+	unlink (n);
+	perror (n);
     }
+    else {
+	if (mode == VIDEOTEX) {
+	    videotexDumpScreen (ecran_minitel, fp);
+#ifdef HAS_SNPRINTF
+	    snprintf (cmd, sizeof(cmd), rsc_xtel.commandeImpression, n);
+#else
+	    sprintf (cmd, rsc_xtel.commandeImpression, n);
+#endif
+	}
+	else { /* ASCII */
+	    videotexConversionAscii (ecran_minitel, fp);
+#ifdef HAS_SNPRINTF
+	    snprintf (cmd, sizeof(cmd), rsc_xtel.commandeImpressionAscii, n);
+#else
+	    sprintf (cmd, rsc_xtel.commandeImpressionAscii, n);
+#endif
+	}
 
-    fclose (fp);
-    system (cmd);
-    unlink (n);
+	fclose (fp);
+	system (cmd);
+	unlink (n);
+    }
 }
 
 void imprime_page_courante_ascii (w, client_data, call_data)