From: Earl Hood <earl@earlhood.com>
Date: Thu, 4 Feb 2010 01:39:21 +0000 (+0000)
Subject: * Bug #15213, #18635: The use of the insecure m_scratch() and
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/2f689a1cb907a5de04e6d39ffd217a69af3216c7?hp=2f689a1cb907a5de04e6d39ffd217a69af3216c7

* Bug #15213, #18635: The use of the insecure m_scratch() and
  m_tmpfil() functions have been replaced by m_mktemp()
  or m_mktemp2() functions (defined in sbr/m_mktemp.c).
  The new functions use mkstemp() to securely create
  temporary files to avoid the numerous race conditions
  that exist with the old functions.  This does assume
  that mkstemp() is available.  Unsure if we need to
  create an alternative implementation if mkstemp() is
  not available.  More information about new temp file
  functions in m_mktemp.c, including the support for
  MHTMPDIR, TMPDIR, and TMP envvars.

NOTE: The files sbr/m_scratch.c and sbr/m_tmpfil.c should be removed.
Until more testing verifies changes to support new functions have not
broken functionality, the files are be left in the tree, but comments
have been added stating the functions in them should not be called.
---