fix failure of tempnam to null-terminate result

tempnam uses an uninitialized buffer which is filled using memcpy and
__randname. It is therefore necessary to explicitly null-terminate it.

based on patch by Felix Janda.

diff --git a/src/stdio/tempnam.c b/src/stdio/tempnam.c
index 45a5f26..5a55975 100644 (file)
--- a/src/stdio/tempnam.c
+++ b/src/stdio/tempnam.c
@@ -33,6 +33,7 @@ char *tempnam(const char *dir, const char *pfx)
        s[dl] = '/';
        memcpy(s+dl+1, pfx, pl);
        s[dl+1+pl] = '_';
+       s[l] = 0;
 
        for (try=0; try<MAXTRIES; try++) {
                __randname(s+l-6);