1 files changed, 556 insertions, 0 deletions

diff --git a/x11/XFree86/files/patch-h b/x11/XFree86/files/patch-h
new file mode 100644
index 000000000000..079f97a0d241
--- /dev/null
+++ b/x11/XFree86/files/patch-h
@@ -0,0 +1,556 @@
+diff -u lib/ICE/ICElibint.h:1.1 X11/xc/lib/ICE/ICElibint.h:1.2
+--- lib/ICE/ICElibint.h:1.1	Fri Sep  5 02:58:32 1997
++++ lib/ICE/ICElibint.h	Mon Jul 10 15:17:09 2000
+@@ -288,20 +288,21 @@
+ }
+ 
+ 
+-#define SKIP_STRING(_pBuf, _swap) \
++#define SKIP_STRING(_pBuf, _swap, _end, _bail) \
+ { \
+     CARD16 _len; \
+     EXTRACT_CARD16 (_pBuf, _swap, _len); \
+-    _pBuf += _len; \
+-    if (PAD32 (2 + _len)) \
+-        _pBuf += PAD32 (2 + _len); \
+-}
++    _pBuf += _len + PAD32(2+_len); \
++    if (_pBuf > _end) { \
++	_bail; \
++    } \
++} 
+ 
+-#define SKIP_LISTOF_STRING(_pBuf, _swap, _count) \
++#define SKIP_LISTOF_STRING(_pBuf, _swap, _count, _end, _bail) \
+ { \
+     int _i; \
+     for (_i = 0; _i < _count; _i++) \
+-        SKIP_STRING (_pBuf, _swap); \
++        SKIP_STRING (_pBuf, _swap, _end, _bail); \
+ }
+ 
+ 
+Index: lib/ICE/process.c
+diff -u lib/ICE/process.c:1.1 X11/xc/lib/ICE/process.c:1.2
+--- lib/ICE/process.c:1.1	Fri Sep  5 02:58:32 1997
++++ lib/ICE/process.c	Mon Jul 10 15:17:10 2000
+@@ -63,7 +63,11 @@
+        return (0); \
+     }
+ 
+-
++#define BAIL_STRING(_iceConn, _opcode, _pStart) {\
++    _IceErrorBadLength (_iceConn, 0, _opcode, IceFatalToConnection);\
++    IceDisposeCompleteMessage (_iceConn, _pStart);\
++    return (0);\
++}
+ 
+ /*
+  * IceProcessMessages:
+@@ -819,7 +823,7 @@
+     int	 myAuthCount, hisAuthCount;
+     int	 found, i, j;
+     char *myAuthName, **hisAuthNames;
+-    char *pData, *pStart;
++    char *pData, *pStart, *pEnd;
+     char *vendor = NULL;
+     char *release = NULL;
+     int myAuthIndex = 0;
+@@ -843,10 +847,18 @@
+     }
+ 
+     pData = pStart;
+-
+-    SKIP_STRING (pData, swap);				       /* vendor */
+-    SKIP_STRING (pData, swap);				       /* release */
+-    SKIP_LISTOF_STRING (pData, swap, (int) message->authCount);/* auth names */
++    pEnd = pStart + (length << 3);
++    
++    SKIP_STRING (pData, swap, pEnd, 
++		 BAIL_STRING(iceConn, ICE_ConnectionSetup,
++			     pStart));			       /* vendor */
++    SKIP_STRING (pData, swap, pEnd, 
++		 BAIL_STRING(iceConn, ICE_ConnectionSetup,
++			    pStart));	        	       /* release */
++    SKIP_LISTOF_STRING (pData, swap, (int) message->authCount, pEnd, 
++			BAIL_STRING(iceConn, ICE_ConnectionSetup,
++				   pStart));		       /* auth names */
++    
+     pData += (message->versionCount * 4);		       /* versions */
+ 
+     CHECK_COMPLETE_SIZE (iceConn, ICE_ConnectionSetup,
+@@ -1685,7 +1697,7 @@
+ 
+ {
+     iceConnectionReplyMsg 	*message;
+-    char 			*pData, *pStart;
++    char 			*pData, *pStart, *pEnd;
+     Bool			replyReady;
+ 
+     CHECK_AT_LEAST_SIZE (iceConn, ICE_ConnectionReply,
+@@ -1701,9 +1713,14 @@
+     }
+ 
+     pData = pStart;
++    pEnd = pStart + (length << 3);
+ 
+-    SKIP_STRING (pData, swap);				     /* vendor */
+-    SKIP_STRING (pData, swap);				     /* release */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING (iceConn, ICE_ConnectionReply,
++			      pStart));		    	     /* vendor */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING (iceConn, ICE_ConnectionReply,
++			      pStart));			     /* release */
+ 
+     CHECK_COMPLETE_SIZE (iceConn, ICE_ConnectionReply,
+ 	length, pData - pStart + SIZEOF (iceConnectionReplyMsg),
+@@ -1789,7 +1806,7 @@
+     int	 	      	found, i, j;
+     char	      	*myAuthName, **hisAuthNames;
+     char 	      	*protocolName;
+-    char 		*pData, *pStart;
++    char 		*pData, *pStart, *pEnd;
+     char 	      	*vendor = NULL;
+     char 	      	*release = NULL;
+     int  	      	accept_setup_now = 0;
+@@ -1824,11 +1841,20 @@
+     }
+ 
+     pData = pStart;
++    pEnd = pStart + (length << 3);
+ 
+-    SKIP_STRING (pData, swap);				       /* proto name */
+-    SKIP_STRING (pData, swap);				       /* vendor */
+-    SKIP_STRING (pData, swap);				       /* release */
+-    SKIP_LISTOF_STRING (pData, swap, (int) message->authCount);/* auth names */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING(iceConn, ICE_ProtocolSetup, 
++			     pStart));			       /* proto name */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING(iceConn, ICE_ProtocolSetup, 
++			     pStart));			       /* vendor */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING(iceConn, ICE_ProtocolSetup, 
++			     pStart));			       /* release */
++    SKIP_LISTOF_STRING (pData, swap, (int) message->authCount, pEnd,
++			BAIL_STRING(iceConn, ICE_ProtocolSetup, 
++				    pStart));		       /* auth names */
+     pData += (message->versionCount * 4);		       /* versions */
+ 
+     CHECK_COMPLETE_SIZE (iceConn, ICE_ProtocolSetup,
+@@ -2170,7 +2196,7 @@
+ 
+ {
+     iceProtocolReplyMsg *message;
+-    char		*pData, *pStart;
++    char		*pData, *pStart, *pEnd;
+     Bool		replyReady;
+ 
+     CHECK_AT_LEAST_SIZE (iceConn, ICE_ProtocolReply,
+@@ -2186,9 +2212,14 @@
+     }
+ 
+     pData = pStart;
++    pEnd = pStart + (length << 3);
+ 
+-    SKIP_STRING (pData, swap);				     /* vendor */
+-    SKIP_STRING (pData, swap);				     /* release */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING(iceConn, ICE_ProtocolReply,
++			     pStart));			     /* vendor */
++    SKIP_STRING (pData, swap, pEnd,
++		 BAIL_STRING(iceConn, ICE_ProtocolReply,
++			     pStart));			     /* release */
+ 
+     CHECK_COMPLETE_SIZE (iceConn, ICE_ProtocolReply,
+ 	length, pData - pStart + SIZEOF (iceProtocolReplyMsg),
+Index: lib/X11/GetProp.c
+diff -u lib/X11/GetProp.c:1.1 X11/xc/lib/X11/GetProp.c:1.2
+--- lib/X11/GetProp.c:1.1	Fri Sep  5 02:58:44 1997
++++ lib/X11/GetProp.c	Mon Jul 10 15:20:35 2000
+@@ -76,21 +76,24 @@
+        */
+ 	  case 8:
+ 	    nbytes = netbytes = reply.nItems;
+-	    if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
++            if (nbytes + 1 > 0 &&
++                (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
+ 		_XReadPad (dpy, (char *) *prop, netbytes);
+ 	    break;
+ 
+ 	  case 16:
+ 	    nbytes = reply.nItems * sizeof (short);
+ 	    netbytes = reply.nItems << 1;
+-	    if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
++            if (nbytes + 1 > 0 &&
++                (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
+ 		_XRead16Pad (dpy, (short *) *prop, netbytes);
+ 	    break;
+ 
+ 	  case 32:
+ 	    nbytes = reply.nItems * sizeof (long);
+ 	    netbytes = reply.nItems << 2;
+-	    if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
++            if (nbytes + 1 > 0 &&
++                (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
+ 		_XRead32 (dpy, (long *) *prop, netbytes);
+ 	    break;
+ 
+Index: lib/X11/OpenDis.c
+diff -u lib/X11/OpenDis.c:1.1 X11/xc/lib/X11/OpenDis.c:1.2
+--- lib/X11/OpenDis.c:1.1	Fri Sep  5 02:58:48 1997
++++ lib/X11/OpenDis.c	Mon Jul 10 15:20:35 2000
+@@ -371,6 +371,14 @@
+ 	dpy->max_request_size	= u.setup->maxRequestSize;
+ 	mask = dpy->resource_mask;
+ 	dpy->resource_shift	= 0;
++	if (!mask)
++	{
++	    fprintf (stderr, "Xlib: connection to \"%s\" invalid setup\n",
++		     fullname);
++	    OutOfMemory(dpy, setup);
++	    return (NULL);
++	}
++    
+ 	while (!(mask & 1)) {
+ 	    dpy->resource_shift++;
+ 	    mask = mask >> 1;
+@@ -390,6 +398,13 @@
+   	(void) strncpy(dpy->vendor, u.vendor, vendorlen);
+ 	dpy->vendor[vendorlen] = '\0';
+  	vendorlen = (vendorlen + 3) & ~3;	/* round up */
++/*
++ * validate setup length
++ */
++	if ((int) setuplength - sz_xConnSetup - vendorlen < 0) {
++	    OutOfMemory(dpy, setup);
++	    return (NULL);
++	}
+ 	memmove (setup, u.vendor + vendorlen,
+ 		 (int) setuplength - sz_xConnSetup - vendorlen);
+  	u.vendor = setup;
+@@ -568,6 +583,8 @@
+ 
+ 	    if (_XReply (dpy, (xReply *) &reply, 0, xFalse)) {
+ 		if (reply.format == 8 && reply.propertyType == XA_STRING &&
++		    (reply.nItems + 1 > 0) &&
++		    (reply.nItems <= req->longLength * 4) &&
+ 		    (dpy->xdefaults = Xmalloc (reply.nItems + 1))) {
+ 		    _XReadPad (dpy, dpy->xdefaults, reply.nItems);
+ 		    dpy->xdefaults[reply.nItems] = '\0';
+Index: lib/X11/XlibInt.c
+diff -u lib/X11/XlibInt.c:1.3 X11/xc/lib/X11/XlibInt.c:1.4
+--- lib/X11/XlibInt.c:1.3	Tue Aug 24 12:11:19 1999
++++ lib/X11/XlibInt.c	Mon Jul 10 15:20:35 2000
+@@ -38,6 +38,8 @@
+ #define NEED_EVENTS
+ #define NEED_REPLIES
+ 
++#define GENERIC_LENGTH_LIMIT (1 << 29)
++
+ #include "Xlibint.h"
+ #include <X11/Xpoll.h>
+ #include <X11/Xtrans.h>
+@@ -1689,6 +1691,17 @@
+ 			!= (char *)rep)
+ 			continue;
+ 		}
++                /*
++                 * Don't accept ridiculously large values for
++                 * generic.length; doing so could cause stack-scribbling
++                 * problems elsewhere.
++                 */
++                if (rep->generic.length > GENERIC_LENGTH_LIMIT) {
++                    rep->generic.length = GENERIC_LENGTH_LIMIT;
++                    (void) fprintf(stderr,
++                                   "Xlib: suspiciously long reply length %d set to %d",
++                                   rep->generic.length, GENERIC_LENGTH_LIMIT);
++		}
+ 		if (extra <= rep->generic.length) {
+ 		    if (extra > 0)
+ 			/* 
+@@ -1827,6 +1840,13 @@
+ #endif
+ 	if (len > *lenp)
+ 	    _XEatData(dpy, len - *lenp);
++    }
++    if (len < SIZEOF(xReply))
++    {
++	_XIOError (dpy);
++	buf += *lenp;
++	*lenp = 0;
++	return buf;
+     }
+     if (len >= *lenp) {
+ 	buf += *lenp;
+Index: programs/Xserver/os/secauth.c
+diff -u programs/Xserver/os/secauth.c:1.1 X11/xc/programs/Xserver/os/secauth.c:1.3
+--- programs/Xserver/os/secauth.c:1.1	Fri Sep  5 03:15:14 1997
++++ programs/Xserver/os/secauth.c	Mon Jul 10 15:23:26 2000
+@@ -47,7 +47,7 @@
+     ClientPtr	client;
+     char	**reason;
+ {
+-    char	*policy = *dataP;
++    CARD8	*policy = *(CARD8 **)dataP;
+     int		length;
+     Bool	permit;
+     int		nPolicies;
+@@ -61,13 +61,13 @@
+     }
+ 
+     permit = (*policy++ == 0);
+-    nPolicies = *policy++;
++    nPolicies = (CARD8) *policy++;
+ 
+     length -= 2;
+ 
+     sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
+ 
+-    while (nPolicies) {
++    while (nPolicies > 0) {
+ 	int strLen, sitePolicy;
+ 
+ 	if (length == 0) {
+@@ -75,7 +75,7 @@
+ 	    return FALSE;
+ 	}
+ 
+-	strLen = *policy++;
++	strLen = (CARD8) *policy++;
+ 	if (--length < strLen) {
+ 	    *reason = InvalidPolicyReason;
+ 	    return FALSE;
+@@ -87,7 +87,7 @@
+ 	    {
+ 		char *testPolicy = sitePolicies[sitePolicy];
+ 		if ((strLen == strlen(testPolicy)) &&
+-		    (strncmp(policy, testPolicy, strLen) == 0))
++		    (strncmp((char *)policy, testPolicy, strLen) == 0))
+ 		{
+ 		    found = TRUE; /* need to continue parsing the policy... */
+ 		    break;
+@@ -107,7 +107,7 @@
+     }
+ 
+     *data_lengthP = length;
+-    *dataP = policy;
++    *dataP = (char *)policy;
+     return TRUE;
+ }
+ 
+Index: programs/Xserver/os/xdmcp.c
+diff -u programs/Xserver/os/xdmcp.c:1.1.1.2 X11/xc/programs/Xserver/os/xdmcp.c:1.2
+--- programs/Xserver/os/xdmcp.c:1.1.1.2	Fri Jan  8 10:56:48 1999
++++ programs/Xserver/os/xdmcp.c	Mon Jul 10 15:26:07 2000
+@@ -1,5 +1,5 @@
+ /* $XConsortium: xdmcp.c /main/34 1996/12/02 10:23:29 lehors $ */
+-/* $XFree86: xc/programs/Xserver/os/xdmcp.c,v 3.9.2.1 1998/12/18 11:56:34 dawes Exp $ */
++/* $XFree86: xc/programs/Xserver/os/xdmcp.c,v 3.9.2.2 2000/02/08 20:32:12 dawes Exp $ */
+ /*
+  * Copyright 1989 Network Computing Devices, Inc., Mountain View, California.
+  *
+@@ -290,7 +290,10 @@
+ 	return (i + 1);
+     }
+     if (strcmp(argv[i], "-port") == 0) {
+-	++i;
++        if (++i == argc)  {
++	    ErrorF("Xserver: missing port number in command line\n");
++	    exit(1);
++	}
+ 	xdm_udp_port = atoi(argv[i]);
+ 	return (i + 1);
+     }
+@@ -300,18 +303,28 @@
+     }
+     if (strcmp(argv[i], "-class") == 0) {
+ 	++i;
++        if (++i == argc)  {
++	    ErrorF("Xserver: missing class name in command line\n");
++	    exit(1);
++	}
+ 	defaultDisplayClass = argv[i];
+ 	return (i + 1);
+     }
+ #ifdef HASXDMAUTH
+     if (strcmp(argv[i], "-cookie") == 0) {
+-	++i;
++        if (++i == argc)  {
++	    ErrorF("Xserver: missing cookie data in command line\n");
++	    exit(1);
++	}
+ 	xdmAuthCookie = argv[i];
+ 	return (i + 1);
+     }
+ #endif
+     if (strcmp(argv[i], "-displayID") == 0) {
+-	++i;
++        if (++i == argc)  {
++	    ErrorF("Xserver: missing displayID in command line\n");
++	    exit(1);
++	}
+ 	XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i]));
+ 	return (i + 1);
+     }
+Index: programs/Xserver/xkb/ddxLoad.c
+diff -u programs/Xserver/xkb/ddxLoad.c:1.1.1.3 X11/xc/programs/Xserver/xkb/ddxLoad.c:1.2
+--- programs/Xserver/xkb/ddxLoad.c:1.1.1.3	Sat Nov 28 01:49:13 1998
++++ programs/Xserver/xkb/ddxLoad.c	Mon Jul 10 15:28:10 2000
+@@ -24,7 +24,7 @@
+ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ 
+ ********************************************************/
+-/* $XFree86: xc/programs/Xserver/xkb/ddxLoad.c,v 3.19.2.3 1998/09/27 12:59:29 hohndel Exp $ */
++/* $XFree86: xc/programs/Xserver/xkb/ddxLoad.c,v 3.19.2.4 2000/06/15 23:24:07 dawes Exp $ */
+ 
+ #include <stdio.h>
+ #include <ctype.h>
+@@ -139,10 +139,8 @@
+ 		+strlen(file)+strlen(xkm_output_dir)
+ 		+strlen(outFile)+53 > PATH_MAX)
+ 	{
+-#ifdef DEBUG
+ 	    ErrorF("compiler command for keymap (%s) exceeds max length\n",
+ 								names->keymap);
+-#endif
+ 	    return False;
+ 	}
+ #ifndef __EMX__
+@@ -169,10 +167,8 @@
+ 		+strlen(file)+strlen(xkm_output_dir)
+ 		+strlen(outFile)+49 > PATH_MAX)
+ 	{
+-#ifdef DEBUG
+             ErrorF("compiler command for keymap (%s) exceeds max length\n",
+ 							names->keymap);
+-#endif
+ 	    return False;
+ 	}
+ 	sprintf(cmd,"xkbcomp -w %d -xkm %s%s -em1 %s -emp %s -eml %s keymap/%s %s%s.xkm",
+@@ -236,6 +232,10 @@
+ 	sprintf(keymap,"server-%s",display);
+     }
+     else {
++	if (strlen(names->keymap) > PATH_MAX - 1) {
++	    ErrorF("name of keymap (%s) exceeds max length\n", names->keymap);
++	    return False;
++	}
+ 	strcpy(keymap,names->keymap);
+     }
+ 
+@@ -254,10 +254,8 @@
+ 		+strlen(POST_ERROR_MSG1)+strlen(xkm_output_dir)
+ 		+strlen(keymap)+48 > PATH_MAX)
+ 	{
+-#ifdef DEBUG
+             ErrorF("compiler command for keymap (%s) exceeds max length\n",
+ 							names->keymap);
+-#endif
+ 	    return False;
+ 	}
+ #ifndef WIN32
+@@ -294,10 +292,8 @@
+ 		+strlen(ERROR_PREFIX)+strlen(POST_ERROR_MSG1)
+ 		+strlen(xkm_output_dir)+strlen(keymap)+44 > PATH_MAX)
+ 	{
+-#ifdef DEBUG
+             ErrorF("compiler command for keymap (%s) exceeds max length\n",
+ 							names->keymap);
+-#endif
+ 	    return False;
+ 	}
+ #ifndef WIN32
+Index: programs/Xserver/xkb/xkbInit.c
+diff -u programs/Xserver/xkb/xkbInit.c:1.1.1.2 X11/xc/programs/Xserver/xkb/xkbInit.c:1.3
+--- programs/Xserver/xkb/xkbInit.c:1.1.1.2	Sat Mar  7 09:21:55 1998
++++ programs/Xserver/xkb/xkbInit.c	Mon Jul 10 15:28:10 2000
+@@ -24,7 +24,7 @@
+ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ 
+ ********************************************************/
+-/* $XFree86: xc/programs/Xserver/xkb/xkbInit.c,v 3.12.2.2 1998/02/24 13:20:07 dawes Exp $ */
++/* $XFree86: xc/programs/Xserver/xkb/xkbInit.c,v 3.12.2.3 2000/06/15 21:58:34 dawes Exp $ */
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -915,8 +915,13 @@
+ #endif
+     else if (strncmp(argv[i], "-xkbmap", 7) == 0) {
+ 	if(++i < argc) {
+-	    XkbInitialMap= argv[i];
+-	    return 2;
++	    if (strlen(argv[i]) < PATH_MAX) {
++		XkbInitialMap= argv[i];
++		return 2;
++	    } else {
++		ErrorF("-xkbmap pathname too long\n");
++		return -1;
++	    }
+ 	}
+ 	else {
+ 	    return -1;
+@@ -924,8 +929,13 @@
+     }
+     else if (strncmp(argv[i], "-xkbdb", 7) == 0) {
+ 	if(++i < argc) {
+-	    XkbDB= argv[i];
+-	    return 2;
++	    if (strlen(argv[i]) < PATH_MAX) {
++		XkbDB= argv[i];
++		return 2;
++	    } else {
++		ErrorF("-xkbdb pathname too long\n");
++		return -1;
++	    }
+ 	}
+ 	else {
+ 	    return -1;
+Index: programs/xfs/os/waitfor.c
+diff -u programs/xfs/os/waitfor.c:1.1 X11/xc/programs/xfs/os/waitfor.c:1.2
+--- programs/xfs/os/waitfor.c:1.1	Fri Sep  5 03:16:07 1997
++++ programs/xfs/os/waitfor.c	Mon Jul 10 15:32:38 2000
+@@ -1,5 +1,5 @@
+ /* $XConsortium: waitfor.c /main/15 1996/08/30 14:22:34 kaleb $ */
+-/* $XFree86: xc/programs/xfs/os/waitfor.c,v 3.5 1997/01/18 07:02:48 dawes Exp $ */
++/* $XFree86: xc/programs/xfs/os/waitfor.c,v 3.5.2.1 2000/06/15 21:58:35 dawes Exp $ */
+ /*
+  * waits for input
+  */
+@@ -212,7 +212,7 @@
+ 	    while (clientsReadable.fds_bits[i]) {
+ 		curclient = ffs(clientsReadable.fds_bits[i]) - 1;
+ 		conn = ConnectionTranslation[curclient + (i << 5)];
+-		FD_CLR (curclient, &clientsReadable);
++		clientsReadable.fds_bits[i] &= ~(((fd_mask)1L) << curclient);
+ 		client = clients[conn];
+ 		if (!client)
+ 		    continue;
+--- programs/xauth/process.c.orig	Fri Jul 23 06:50:50 1999
++++ programs/xauth/process.c	Sat Sep 23 15:31:27 2000
+@@ -769,7 +769,7 @@
+ static int write_auth_file (tmp_nam)
+     char *tmp_nam;
+ {
+-    FILE *fp;
++    FILE *fp = NULL;
+     AuthList *list;
+ 
+     /*
+@@ -778,12 +778,9 @@
+     strcpy (tmp_nam, xauth_filename);
+     strcat (tmp_nam, "-n");		/* for new */
+     (void) unlink (tmp_nam);
+-    fp = fopen (tmp_nam, "wb");		/* umask is still set to 0077 */
+-    if (!fp) {
+-	fprintf (stderr, "%s:  unable to open tmp file \"%s\"\n",
+-		 ProgramName, tmp_nam);
+-	return -1;
+-    } 
++    /* CPhipps 2000/02/12 - fix file unlink/fopen race */
++    fd = open(tmp_nam, O_WRONLY|O_CREAT|O_EXCL, 0600);
++    if (fd != -1) fp = fdopen(fd, "wb");
+ 
+     /*
+      * Write MIT-MAGIC-COOKIE-1 first, because R4 Xlib knows