[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Use `mkstemp' instead of `mktemp'.
From: |
Thien-Thi Nguyen |
Subject: |
[PATCH] Use `mkstemp' instead of `mktemp'. |
Date: |
Wed, 13 Jan 2010 09:53:51 +0100 |
>From 030349a79946f992eb2bd58653c39321e9794e95 Mon Sep 17 00:00:00 2001
From: Thien-Thi Nguyen <address@hidden>
Date: Wed, 13 Jan 2010 09:49:44 +0100
Subject: [PATCH] Use `mkstemp' instead of `mktemp'.
* test-suite/standalone/test-unwind.c (check_ports):
Use `mkstemp' instead of `mktemp'.
Signed-off-by: Thien-Thi Nguyen <address@hidden>
---
According to mktemp(3):
BUGS
Never use mktemp(). Some implementations follow 4.3BSD and replace
XXXXXX by the current process ID and a single letter, so that at most
26 different names can be returned. Since on the one hand the names
are easy to guess, and on the other hand there is a race between test‐
ing whether the name exists and opening the file, every use of
mktemp() is a security risk. The race is avoided by mkstemp(3).
test-suite/standalone/test-unwind.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/test-suite/standalone/test-unwind.c
b/test-suite/standalone/test-unwind.c
index f9820cc..f333c8c 100644
--- a/test-suite/standalone/test-unwind.c
+++ b/test-suite/standalone/test-unwind.c
@@ -210,7 +210,9 @@ check_ports ()
strcpy (filename, tmpdir);
strcat (filename, FILENAME_TEMPLATE);
- if (mktemp (filename) == NULL)
+ /* Sanity check: Make sure that `filename' is actually writeable.
+ We used to use mktemp(3), but that is now considered a security risk. */
+ if (0 > mkstemp (filename))
exit (1);
scm_dynwind_begin (0);
--
1.6.3.2
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] Use `mkstemp' instead of `mktemp'.,
Thien-Thi Nguyen <=