$OpenBSD: patch-mktemp,v 1.1 2000/10/13 07:25:39 camield Exp $

Correct insecure tempfile handling.

--- report.c.orig	Wed Jul 29 07:16:46 1998
+++ report.c	Fri Oct 13 09:15:00 2000
@@ -239,7 +239,7 @@
     register u_char *e2, register time_t *t1p, register time_t *t2p)
 {
 	register char *cp, *hn;
-	register int pid;
+	register int fd, pid;
 	register FILE *f;
 	char tempfile[64], cpu[64], os[64];
 	char *fmt = "%20s: %s\n";
@@ -286,8 +286,11 @@
 		/* Child */
 		closelog();
 		(void)strcpy(tempfile, "/tmp/arpwatch.XXXXXX");
-		(void)mktemp(tempfile);
-		if ((f = fopen(tempfile, "w+")) == NULL) {
+		if ((fd = mkstemp(tempfile)) == -1 || (f = fdopen(fd, "w+")) == NULL) {
+			if (fd != -1) {
+				unlink(tempfile);
+				close(fd);
+			}
 			syslog(LOG_ERR, "child open(%s): %m", tempfile);
 			exit(1);
 		}
