Use mkstemp() for secure tempfile creation instead of tempnam()

Obtained from:	OpenBSD
Reviewed by:	mikeh
This commit is contained in:
Kris Kennaway 2001-04-26 07:32:27 +00:00
parent f39162a2e1
commit ffbef1cd72
4 changed files with 39 additions and 17 deletions

View File

@ -224,6 +224,9 @@ extern int exit_val;
extern int docrc;
extern char *dirptr;
extern char *argv0;
extern char *tempfile;
extern char *tempbase;
int main __P((int, char **));
void sig_cleanup __P((int));

View File

@ -55,6 +55,7 @@ static const char rcsid[] =
#include <sys/resource.h>
#include <errno.h>
#include <locale.h>
#include <paths.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
@ -96,6 +97,8 @@ int exit_val; /* exit value */
int docrc; /* check/create file crc */
char *dirptr; /* destination dir in a copy */
char *argv0; /* root of argv[0] */
char *tempfile; /* tempfile to use for mkstemp(3) */
char *tempbase; /* basename of tempfile to use for mkstemp(3) */
sigset_t s_mask; /* signal mask for cleanup critical sect */
/*
@ -228,7 +231,29 @@ main(argc, argv)
char **argv;
#endif
{
char *tmpdir;
size_t tdlen;
(void) setlocale(LC_ALL, "");
/*
* Where should we put temporary files?
*/
if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
tmpdir = _PATH_TMP;
tdlen = strlen(tmpdir);
while(tdlen > 0 && tmpdir[tdlen - 1] == '/')
tdlen--;
tempfile = malloc(tdlen + 1 + sizeof(_TFILE_BASE));
if (tempfile == NULL) {
pax_warn(1, "Cannot allocate memory for temp file name.");
return(exit_val);
}
if (tdlen)
memcpy(tempfile, tmpdir, tdlen);
tempbase = tempfile + tdlen;
*tempbase++ = '/';
/*
* parse options, determine operational mode, general init
*/

View File

@ -237,3 +237,4 @@ typedef struct oplist {
#define HEX 16
#define OCT 8
#define _PAX_ 1
#define _TFILE_BASE "paxXXXXXXXXXX"

View File

@ -360,8 +360,6 @@ int
ftime_start()
#endif
{
char *pt;
if (ftab != NULL)
return(0);
if ((ftab = (FTM **)calloc(F_TAB_SZ, sizeof(FTM *))) == NULL) {
@ -373,16 +371,14 @@ ftime_start()
* get random name and create temporary scratch file, unlink name
* so it will get removed on exit
*/
if ((pt = tempnam((char *)NULL, (char *)NULL)) == NULL)
return(-1);
(void)unlink(pt);
if ((ffd = open(pt, O_RDWR | O_CREAT, S_IRWXU)) < 0) {
sys_warn(1, errno, "Unable to open temporary file: %s", pt);
memcpy(tempbase, _TFILE_BASE, sizeof(_TFILE_BASE));
if ((ffd = mkstemp(tempfile)) < 0) {
sys_warn(1, errno, "Unable to create temporary file: %s",
tempfile);
return(-1);
}
(void)unlink(tempfile);
(void)unlink(pt);
return(0);
}
@ -1210,22 +1206,19 @@ int
dir_start()
#endif
{
char *pt;
if (dirfd != -1)
return(0);
if ((pt = tempnam((char *)NULL, (char *)NULL)) == NULL)
return(-1);
/*
* unlink the file so it goes away at termination by itself
*/
(void)unlink(pt);
if ((dirfd = open(pt, O_RDWR|O_CREAT, 0600)) >= 0) {
(void)unlink(pt);
memcpy(tempbase, _TFILE_BASE, sizeof(_TFILE_BASE));
if ((dirfd = mkstemp(tempfile)) >= 0) {
(void)unlink(tempfile);
return(0);
}
pax_warn(1, "Unable to create temporary file for directory times: %s", pt);
pax_warn(1, "Unable to create temporary file for directory times: %s",
tempfile);
return(-1);
}