From 9699ea403ecbc3de19cb3cb79131cd4e307a2d22 Mon Sep 17 00:00:00 2001
From: Robert Williams <rwilliams@jrc-utah.com>
Date: Thu, 3 Feb 2000 03:10:56 +0000
Subject: [PATCH] Patch by George Staikos

- kmail-secfix.patch

Fixes a security problem

svn path=/trunk/kdenetwork/kmail/; revision=39842
---
 kmidentity.cpp | 11 +++++++++--
 kmsettings.cpp |  8 +++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/kmidentity.cpp b/kmidentity.cpp
index b86a8aa0b..6ff9bdb9b 100644
--- a/kmidentity.cpp
+++ b/kmidentity.cpp
@@ -144,14 +144,21 @@ void KMIdentity::setSignatureFile(const QString str)
 const QString KMIdentity::signature(void) const
 {
   QString result, sigcmd;
-  char tmpf[256];
+  char tmpf[30] = "/tmp/kmailXXXXXX";
+  int fd;
 
   if (mSignatureFile.isEmpty()) return QString::null;
 
   if (mSignatureFile.right(1)=="|")
   {
     // signature file is a shell script that returns the signature
-    tmpnam(tmpf);
+    fd = mkstemp(tmpf);
+    if (fd == -1) {
+      warning(i18n("Failed to create temporary file\n%s\n%s"),
+	      tmpf, strerror(errno));
+      return QString::null;
+    }
+    close(fd);
     sigcmd = mSignatureFile.left(mSignatureFile.length()-1);
     sigcmd += " >";
     sigcmd += tmpf;
diff --git a/kmsettings.cpp b/kmsettings.cpp
index 063c903b7..b327508cd 100644
--- a/kmsettings.cpp
+++ b/kmsettings.cpp
@@ -267,6 +267,7 @@ void KMSettings::createTabIdentity(QWidget* parent)
   QWidget* tab = new QWidget(parent);
   QGridLayout* grid = new QGridLayout(tab, 6, 3, 20, 6);
   QPushButton* button;
+  QLabel *label;
 
   nameEdit = createLabeledEntry(tab, grid, i18n("Name:"), 
 				identity->fullName(), 0, 0);
@@ -280,10 +281,15 @@ void KMSettings::createTabIdentity(QWidget* parent)
   sigEdit = createLabeledEntry(tab, grid, i18n("Signature File:"),
 			       identity->signatureFile(), 4, 0, &button);
   connect(button,SIGNAL(clicked()),this,SLOT(chooseSigFile()));
-  sigModify = createPushButton(tab, grid, i18n("&Edit Signature File..."),
+  sigModify = createPushButton(tab, grid, i18n("&Edit Sig File..."),
                                5, 0);
   connect(sigModify, SIGNAL(clicked()), this, SLOT(slotSigModify()));
 
+  label = new QLabel(tab);
+  label->setText(i18n("Prepend sigfile with a | to specify a program."));
+  label->setMinimumSize(label->size());
+  grid->addMultiCellWidget(label, 5, 5, 1, 1);
+
   grid->setColStretch(0,0);
   grid->setColStretch(1,1);
   grid->setColStretch(2,0);