$OpenBSD: patch-aj,v 1.2 1999/04/22 19:05:11 rohee Exp $

This patch contains the original patch replacing insecure mktemp()
usage by secure mkstemp() usage in xvdir.c, as well as the Michael
Rausch's patch fixing a string buffer where the program failed to
append '\0'.

See ftp://ftp.trilon.com/pub/xv/patches/longname.patch for the original
patch.

It was less annoying to remake the patch than using his one, since it
isn't ${WRKSRC} relative, and it collides with the original OpenBSD
patch.

--- xvdir.c.reference	Wed Apr 21 22:35:43 1999
+++ xvdir.c	Wed Apr 21 22:38:14 1999
@@ -1213,6 +1213,7 @@
      char *st;
 {
   strncpy(deffname, st, (size_t) MAXFNLEN-1);
+  deffname[MAXFNLEN-1] = '\0';
   setFName(st);
 }
 
@@ -1620,13 +1621,14 @@
 #else
     strcpy(outFName, "[]xvXXXXXX.lis");
 #endif
-    mktemp(outFName);
+    fp = fdopen(mkstemp(outFName), "w");
     dopipe = 1;
   }
 
 
   /* see if file exists (ie, we're overwriting) */
-  if (stat(outFName, &st)==0) {   /* stat succeeded, file must exist */
+  if (dopipe == 0 &&
+      stat(outFName, &st)==0) {   /* stat succeeded, file must exist */
     static char *foo[] = { "\nOk", "\033Cancel" };
     char str[512];
 
@@ -1636,7 +1638,8 @@
     
 
   /* Open file */
-  fp = fopen(outFName, "w");
+  if (dopipe == 0)
+    fp = fopen(outFName, "w");
   if (!fp) {
     char  str[512];
     sprintf(str,"Can't write file '%s'\n\n  %s.",outFName, ERRSTR(errno));

--- /tmp/xv-3.10a.orig/xvbrowse.c       Thu Jan 19 18:49:17 1995
+++ xvbrowse.c Mon Feb  5 23:46:28 1996
@@ -956,6 +956,7 @@
      char *str;
 {
   strncpy(br->dispstr, str, (size_t) 256);
+  br->dispstr[255] = '\0';
   drawBrowStr(br);
   XFlush(theDisp);
 }
@@ -1490,6 +1491,7 @@
   if (StringWidth(str) > ISPACE_WIDE-6) {
     int dotpos; 
     strncpy(tmpstr, str, (size_t) 56);
+    tmpstr[56] = '\0'; /* MR: otherwise it dies on long file names */
     dotpos = strlen(tmpstr);
     strcat(tmpstr,"...");

--- /tmp/xv-3.10a.orig/xvpopup.c        Thu Jan 19 19:09:31 1995
+++ xvpopup.c  Mon Feb  5 21:50:13 1996
@@ -560,6 +560,7 @@
	nams[*lenp] = (char *) malloc((size_t) 32);
	if (!nams[*lenp]) { free(vals[*lenp]); continue; }
	strncpy(nams[*lenp], vals[*lenp], (size_t) 31);
+	nams[*lenp][31] = '\0';
       }
       
       if (strlen(nams[*lenp]) > (size_t) 20) {   /* fix long names */

--- /tmp/xv-3.10a.orig/xvtext.c Sat Jan 14 00:46:28 1995
+++ xvtext.c   Mon Feb  5 21:50:54 1996
@@ -293,6 +293,7 @@
   tv->textlen     = len;
   tv->freeonclose = freeonclose;
   strncpy(tv->title, title, (size_t) TITLELEN-1);
+  tv->title[TITLELEN-1] = '\0';

   computeText(tv);      /* compute # lines and linestarts array */


