From ec23c255e21474cba0b82dcbb2c09102254e14ae Mon Sep 17 00:00:00 2001
From: Kris Kennaway
Date: Sun, 16 Jan 2000 21:19:04 +0000
Subject: [PATCH] Fix insecure tempfile handling.
Reviewed by: audit@freebsd.org
---
 usr.sbin/kgzip/kgzip.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/usr.sbin/kgzip/kgzip.c b/usr.sbin/kgzip/kgzip.c
index 3af89e58cd15..d65476a82770 100644
--- a/usr.sbin/kgzip/kgzip.c
+++ b/usr.sbin/kgzip/kgzip.c
@@ -47,11 +47,9 @@ static const char rcsid[] =
 #define SFX_KGZ ".kgz" /* Filename suffix: executable */
 #define SFX_MAX 5 /* Size of larger filename suffix */
-#define TMP_PREFIX "kgz" /* Temporary file prefix */
-
 const char *loader = "/usr/lib/kgzldr.o"; /* Default loader */
-static const char *tname; /* Name of temporary file */
+char *tname; /* Name of temporary file */
 static void cleanup(void);
 static void mk_fn(int, const char *, const char *, char *[]);
@@ -68,6 +66,12 @@ main(int argc, char *argv[])
 const char *output;
 int cflag, vflag, c;
+ if (getenv("TMPDIR") == NULL)
+ tname = strdup("/tmp/kgzXXXXXXXXXX");
+ else
+ if (asprintf(&tname, "%s/kgzXXXXXXXXXX", getenv("TMPDIR")) == -1)
+ errx(1, "Out of memory");
+
 output = NULL;
 cflag = vflag = 0;
 while ((c = getopt(argc, argv, "cvl:o:")) != -1)
@@ -122,7 +126,7 @@ mk_fn(int cflag, const char *f1, const char *f2, char *fn[])
 {
 const char *p, *s;
 size_t n;
- int i;
+ int i, fd;
 i = 0;
 s = strrchr(f1, 0);
@@ -133,8 +137,9 @@ mk_fn(int cflag, const char *f1, const char *f2, char *fn[])
 }
 fn[i++] = (char *)f1;
 if (i == FN_OBJ && !cflag) {
- if (!(tname = tempnam(NULL, TMP_PREFIX)))
+ if ((fd = mkstemp(tname)) == -1)
 err(1, NULL);
+ close(fd);
 fn[i++] = (char *)tname;
 }
 if (!(fn[i] = (char *)f2)) {
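Review bot: Dropping `static` from `tname` is not required by the switch to mkstemp(); only the `const` has to go, because mkstemp() rewrites the template in place. The commit touches kgzip.c alone, so no other file gains a declaration for it, and the new `char *tname;` just gives the variable external linkage. `static char *tname; /* Name of temporary file (mkstemp template) */` would keep it private to this file.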
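Review bot: The `strdup()` result in the branch taken when TMPDIR is unset is never checked, unlike the `asprintf()` branch below it, so on allocation failure `tname` stays NULL and is later handed to `mkstemp()` in mk_fn(). Both branches should fail the same way: `if ((tname = strdup("/tmp/kgzXXXXXXXXXX")) == NULL) errx(1, "Out of memory");`. The directory part of the template is also taken from the environment as-is, so a one-line comment recording that TMPDIR is trusted here (presumably because kgzip runs with the caller's own privileges) would make the assumption visible. main()'s body continues outside the hunk.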
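Review bot: The descriptor returned by `mkstemp()` is closed on the next added line and only the path goes into `fn[]`, so whatever fills the object file later (outside this hunk) has to reopen it by name. mkstemp() creates the file with mode 0600, which holds up in a sticky /tmp, but TMPDIR may name a directory where other users can rename or replace entries; keeping `fd` open and handing it to the consumer would remove that dependence. If the interface has to stay name-based, say so at the call: `/* created 0600 by mkstemp(); reopened by name later, so TMPDIR must not be writable by other users */`. Separately, `tname` is now non-NULL from the start of main(), so if cleanup() (not shown) unlinks whenever `tname` is set, it will also try to remove the unexpanded template path on an early exit; a flag recording that mkstemp() succeeded would avoid that. mk_fn's body starts and ends outside the hunk.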