diff -up cups-2.2.7/cups/tempfile.c.str3382 cups-2.2.7/cups/tempfile.c --- cups-2.2.7/cups/tempfile.c.str3382 2018-03-23 04:48:36.000000000 +0100 +++ cups-2.2.7/cups/tempfile.c 2018-04-03 14:21:54.567221492 +0200 @@ -25,6 +25,7 @@ # include #else # include +# include #endif /* WIN32 || __EMX__ */ @@ -48,7 +49,7 @@ cupsTempFd(char *filename, /* I - Point #ifdef WIN32 DWORD curtime; /* Current time */ #else - struct timeval curtime; /* Current time */ + mode_t old_umask; /* Old umask before using mkstemp() */ #endif /* WIN32 */ @@ -114,32 +115,24 @@ cupsTempFd(char *filename, /* I - Point */ snprintf(filename, (size_t)len - 1, "%s/%05lx%08lx", tmpdir, GetCurrentProcessId(), curtime); -#else - /* - * Get the current time of day... - */ - - gettimeofday(&curtime, NULL); - - /* - * Format a string using the hex time values... - */ - - snprintf(filename, (size_t)len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); -#endif /* WIN32 */ /* * Open the file in "exclusive" mode, making sure that we don't * stomp on an existing file or someone's symlink crack... */ -#ifdef WIN32 fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, _S_IREAD | _S_IWRITE); -#elif defined(O_NOFOLLOW) - fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); #else - fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); + /* + * Use the standard mkstemp() call to make a temporary filename + * securely. -- andrew.wood@jdplc.com + */ + snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); + + old_umask = umask(0077); + fd = mkstemp(filename); + umask(old_umask); #endif /* WIN32 */ if (fd < 0 && errno != EEXIST)