diff -up hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp
--- hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 2013-01-22 10:57:13.651460928 +0000
+++ hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp 2013-01-22 10:57:34.087541538 +0000
@@ -637,19 +637,22 @@ int HPCupsFilter::processRasterData(cups
 {
 char szFileName[32];
 memset(szFileName, 0, sizeof(szFileName));
- snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW || cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
 {
- cfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd = mkstemp (szFileName);
+ if (fd != -1)
+ cfp = fdopen (fd, "w");
 }
 if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW || cups_header.cupsColorSpace == CUPS_CSPACE_K)
 {
- szFileName[17] = 'k';
- kfp = fopen (szFileName, "w");
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ int fd;
+ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ kfp = fdopen (fd, "w");
 }
 WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);
diff -up hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/SystemServices.cpp
--- hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
+++ hplip-3.12.4/prnt/hpcups/SystemServices.cpp 2013-01-22 10:57:34.088541545 +0000
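Review bot: In HPCupsFilter.cpp the new templates no longer fit `char szFileName[32]` once `current_page_number` has two digits. `/tmp/hpcupsfilterc_` plus `.bmp.XXXXXX` is already 30 characters before the number, so `snprintf` cuts off the last `X` and `mkstemp` rejects a template that does not end in `XXXXXX`. From page 10 onward `cfp`/`kfp` are therefore silently left unassigned, while the `WriteBMPHeader (cfp, ...)` call after the two blocks still runs. Widening the buffer, e.g. `char szFileName[64];`, keeps the bounded `snprintf` and leaves room for any int page number. The enclosing function starts and ends outside the hunk, so how `cfp` and `kfp` are initialised is not visible here.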
@@ -36,10 +36,12 @@ SystemServices::SystemServices(int iLogL
 m_fp = NULL;
 if (iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char fname[32];
- sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
- m_fp = fopen(fname, "w");
- chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
+ fd = mkstemp (fname);
+ if (fd != -1)
+ m_fp = fdopen(fd, "w");
 }
 }
diff -up hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpijs/hpijs.cpp
--- hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 2013-01-22 10:57:12.219455275 +0000
+++ hplip-3.12.4/prnt/hpijs/hpijs.cpp 2013-01-22 10:57:34.089541549 +0000
@@ -96,13 +96,12 @@ void setLogLevel(UXServices *pSS)
 if (pSS->m_iLogLevel & SAVE_PCL_FILE)
 {
+ int fd;
 char szFileName[32];
- sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
- pSS->outfp = fopen (szFileName, "w");
- if (pSS->outfp)
- {
- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- }
+ sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
+ fd = mkstemp (szFileName);
+ if (fd != -1)
+ pSS->outfp = fdopen (fd, "w");
 }
 }
diff -up hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 hplip-3.12.4/prnt/hpps/hppsfilter.c
--- hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
+++ hplip-3.12.4/prnt/hpps/hppsfilter.c 2013-01-22 10:57:34.089541549 +0000
@@ -92,10 +92,12 @@ void open_dbg_outfile(char* szjob_id)
 g_fp_outdbgps = NULL;
 if (g_savepsfile & SAVE_PS_FILE)
 {
+ int fd;
 char sfile_name[FILE_NAME_SIZE] = {0};
- sprintf(sfile_name, DBG_PSFILE, szjob_id);
- g_fp_outdbgps= fopen(sfile_name, "w");
- chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ sprintf(sfile_name, DBG_PSFILE ".XXXXXX", szjob_id);
+ fd = mkstemp (sfile_name);
+ if (fd != -1)
+ g_fp_outdbgps = fdopen(fd, "w");
 }
 }
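Review bot: In SystemServices.cpp the unbounded `sprintf` into `char fname[32]` can now write past the buffer. The template contributes 26 characters besides the number, so a `job_id` of six or more digits needs more than 32 bytes with the terminator, whereas the old name left room for any 32-bit int. The same pattern (buffer kept at its old size, 7-character `.XXXXXX` suffix added, plain `sprintf`) is in the hpijs.cpp hunk, where `szFileName[32]` holds only while the pid has nine digits or fewer. It is also in the hppsfilter.c hunk, where `szjob_id` is a string and `FILE_NAME_SIZE`/`DBG_PSFILE` are defined outside the diff, so the remaining headroom cannot be checked from here. I would enlarge the buffer and bound the write, e.g. `char fname[64];` with `snprintf(fname, sizeof(fname), "/tmp/hpcups_job%d.out.XXXXXX", job_id);`, and use `sizeof(szFileName)` and `sizeof(sfile_name)` the same way at the other two sites.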
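Review bot: In hpijs.cpp, and at the other `mkstemp`/`fdopen` pairs in this patch, a failed `fdopen` leaves the descriptor open and the freshly created file orphaned, because the result is assigned without a check. Closing on that path avoids the leak, e.g. `if (fd != -1 && (pSS->outfp = fdopen (fd, "w")) == NULL) close (fd);`. A short comment beside the call noting that the dump is now created by `mkstemp` under a random suffix, without the world-readable `chmod` that was removed, would help anyone who still looks for the old fixed file name.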