From 4eac86bdd50377578553ca2aa2eb87199dbb0aa1 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@cs.stanford.edu>
Date: Tue, 15 Jun 2010 22:19:17 -0700
Subject: [PATCH] psppire: Fix insecure temporary file creation in
 clipboard_get_cb().

---
 src/ui/gui/psppire-output-window.c | 56 +++++++++++++++++-------------
 1 file changed, 31 insertions(+), 25 deletions(-)

diff --git a/src/ui/gui/psppire-output-window.c b/src/ui/gui/psppire-output-window.c
index b2ea1103..0dacd134 100644
--- a/src/ui/gui/psppire-output-window.c
+++ b/src/ui/gui/psppire-output-window.c
@@ -16,33 +16,31 @@
 
 #include <config.h>
 
-#include <gtk/gtksignal.h>
-#include <gtk/gtkbox.h>
-#include "helper.h"
-
-#include <libpspp/cast.h>
-#include <libpspp/message.h>
-#include <libpspp/string-map.h>
-#include <output/cairo.h>
-#include <output/chart-item.h>
-#include <output/driver-provider.h>
-#include <output/output-item.h>
-#include <output/table-item.h>
-#include <output/text-item.h>
-#include <output/tab.h>
+#include <errno.h>
+#include <gtk/gtk.h>
 #include <stdlib.h>
-
-#include "help-menu.h"
-
-#include "psppire-output-window.h"
-
-
-#include "xalloc.h"
-
-#include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 
+#include "libpspp/cast.h"
+#include "libpspp/message.h"
+#include "libpspp/string-map.h"
+#include "output/cairo.h"
+#include "output/chart-item.h"
+#include "output/driver-provider.h"
+#include "output/output-item.h"
+#include "output/tab.h"
+#include "output/table-item.h"
+#include "output/text-item.h"
+#include "ui/gui/help-menu.h"
+#include "ui/gui/helper.h"
+#include "ui/gui/psppire-output-window.h"
+
+#include "gl/error.h"
+#include "gl/tmpdir.h"
+#include "gl/xalloc.h"
+
 #include <gettext.h>
 #define _(msgid) gettext (msgid)
 #define N_(msgid) msgid
@@ -801,7 +799,7 @@ clipboard_get_cb (GtkClipboard     *clipboard,
   gsize length;
   gchar *text = NULL;
   struct output_driver *driver = NULL;
-  char *filename = NULL;
+  char dirname[PATH_MAX], *filename;
   struct string_map options;
 
   GtkTreeSelection *sel = gtk_tree_view_get_selection (window->overview);
@@ -813,8 +811,15 @@ clipboard_get_cb (GtkClipboard     *clipboard,
   if ( n == NULL)
     return;
 
+  if (path_search (dirname, sizeof dirname, NULL, NULL, true)
+      || mkdtemp (dirname) == NULL)
+    {
+      error (0, errno, _("failed to create temporary directory"));
+      return;
+    }
+  filename = xasprintf ("%s/clip.tmp", dirname);
+
   string_map_init (&options);
-  filename = tempnam (NULL, NULL);
   string_map_insert (&options, "output-file", filename);
 
   switch (info)
@@ -884,6 +889,7 @@ clipboard_get_cb (GtkClipboard     *clipboard,
 
   unlink (filename);
   free (filename);
+  rmdir (dirname);
 
   g_list_free (rows);
 }
-- 
2.30.2