57 lines
1.2 KiB
Plaintext
57 lines
1.2 KiB
Plaintext
Security fix for CVE-2001-1593
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1060630
|
|
|
|
--- lib/routines.c.orig Sat Dec 29 02:58:23 2007
|
|
+++ lib/routines.c Mon Feb 3 18:27:12 2014
|
|
@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, const char * filen
|
|
/* Don't complain if you can't unlink. Who cares of a tmp file? */
|
|
unlink (filename);
|
|
}
|
|
+
|
|
+/*
|
|
+ * Securely generate a temp file, and make sure it gets
|
|
+ * deleted upon exit.
|
|
+ */
|
|
+static char ** tempfiles;
|
|
+static unsigned ntempfiles;
|
|
+
|
|
+static void
|
|
+cleanup_tempfiles()
|
|
+{
|
|
+ while (ntempfiles--)
|
|
+ unlink(tempfiles[ntempfiles]);
|
|
+}
|
|
+
|
|
+char *
|
|
+safe_tempnam(const char *pfx)
|
|
+{
|
|
+ char *dirname, *filename;
|
|
+ int fd;
|
|
+
|
|
+ if (!(dirname = getenv("TMPDIR")))
|
|
+ dirname = "/tmp";
|
|
+
|
|
+ tempfiles = (char **) realloc(tempfiles,
|
|
+ (ntempfiles+1) * sizeof(char *));
|
|
+ if (tempfiles == NULL)
|
|
+ return NULL;
|
|
+
|
|
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
|
|
+ if (!filename)
|
|
+ return NULL;
|
|
+
|
|
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
|
|
+
|
|
+ if ((fd = mkstemp(filename)) < 0) {
|
|
+ free(filename);
|
|
+ return NULL;
|
|
+ }
|
|
+ close(fd);
|
|
+
|
|
+ if (ntempfiles == 0)
|
|
+ atexit(cleanup_tempfiles);
|
|
+ tempfiles[ntempfiles++] = filename;
|
|
+
|
|
+ return filename;
|
|
+}
|