1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
Description: Replace insecure make_temporary_filename with File::Temp::tempfile
Forwarded: http://lists.example.com/2010/03/1234.html
Origin: vendor, http://bugs.debian.org/740670
Author: Don Armstrong <don@debian.org>
Last-Update: 2010-03-29
--- a/lib/Perl/Tidy.pm
+++ b/lib/Perl/Tidy.pm
@@ -76,6 +76,7 @@
use IO::File;
use File::Basename;
use File::Copy;
+use File::Temp qw(tempfile);
BEGIN {
( $VERSION = q($Id: perltidy-20130922.0.0-CVE-2014-2277.patch,v 1.1 2014/03/11 18:40:27 civil Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker
@@ -235,35 +236,6 @@
return undef;
}
-sub make_temporary_filename {
-
- # Make a temporary filename.
- # The POSIX tmpnam() function has been unreliable for non-unix systems
- # (at least for the win32 systems that I've tested), so use a pre-defined
- # name for them. A disadvantage of this is that two perltidy
- # runs in the same working directory may conflict. However, the chance of
- # that is small and manageable by the user, especially on systems for which
- # the POSIX tmpnam function doesn't work.
- my $name = "perltidy.TMP";
- if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) {
- return $name;
- }
- eval "use POSIX qw(tmpnam)";
- if ($@) { return $name }
- use IO::File;
-
- # just make a couple of tries before giving up and using the default
- for ( 0 .. 3 ) {
- my $tmpname = tmpnam();
- my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL );
- if ($fh) {
- $fh->close();
- return ($tmpname);
- last;
- }
- }
- return ($name);
-}
# Here is a map of the flow of data from the input source to the output
# line sink:
@@ -1324,11 +1296,7 @@
my ( $fh_stream, $fh_name ) =
Perl::Tidy::streamhandle( $stream, 'r' );
if ($fh_stream) {
- my ( $fout, $tmpnam );
-
- # TODO: fix the tmpnam routine to return an open filehandle
- $tmpnam = Perl::Tidy::make_temporary_filename();
- $fout = IO::File->new( $tmpnam, 'w' );
+ my ( $fout, $tmpnam ) = tempfile();
if ($fout) {
$fname = $tmpnam;
@@ -5159,14 +5127,7 @@
# Pod::Html requires a real temporary filename
# If we are making a frame, we have a name available
# Otherwise, we have to fine one
- my $tmpfile;
- if ( $rOpts->{'frames'} ) {
- $tmpfile = $self->{_toc_filename};
- }
- else {
- $tmpfile = Perl::Tidy::make_temporary_filename();
- }
- my $fh_tmp = IO::File->new( $tmpfile, 'w' );
+ my ($fh_tmp,$tmpfile) = tempfile();
unless ($fh_tmp) {
Perl::Tidy::Warn
"unable to open temporary file $tmpfile; cannot use pod2html\n";
|