From owner-cvs-lib  Tue Apr 14 00:26:39 1998
Return-Path: <owner-cvs-lib>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA13696
          for cvs-lib-outgoing; Tue, 14 Apr 1998 00:26:39 -0700 (PDT)
          (envelope-from owner-cvs-lib)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA13425;
          Tue, 14 Apr 1998 07:25:44 GMT
          (envelope-from peter@FreeBSD.org)
From: Peter Wemm <peter@FreeBSD.ORG>
Received: (from peter@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id AAA13705;
	Tue, 14 Apr 1998 00:25:07 -0700 (PDT)
Date: Tue, 14 Apr 1998 00:25:07 -0700 (PDT)
Message-Id: <199804140725.AAA13705@freefall.freebsd.org>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG
Subject: cvs commit: src/lib/libc/stdio mktemp.c
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

peter       1998/04/14 00:25:07 PDT

  Modified files:
    lib/libc/stdio       mktemp.c 
  Log:
  Fix a nasty flaw as a result of using the arc4random() pre-seeding of
  leading XXX's.  It could wrap an uppercase character through chars
  like:  [ \ ] ^ _ `  in between Z and a.  The backslash and back tick
  might be particularly nasty in a shell script context.  Also, since
  we've been using upper-case generated values for a while now, go with
  the flow and use them in the pathname search rotation.
  
  Revision  Changes    Path
  1.10      +4 -2      src/lib/libc/stdio/mktemp.c