Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 28 Jan 2013 00:01:35 -0500
From: "Anthony G. Basile" <blueness@...too.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] Add support for mkostemp, mkstemps and mkostemps

Okay after some chat on IRC, my next attemp will change the following:

1) Use weak_alias for mkostemp, mkostemps and mkstemps

2) Don't use malloc to copy the suffix (which I forgot to free anyhow), 
but simply save the one initial char so that we can cut the XXXXXX from 
the suffix and restore it.

3) Refactorize mktemp so that the generation of the random chars to 
replace XXXXXX is separated from the while(retries--) { access(...); }  
Use __randname for mkstemp and friends which don't need the access check 
with O_EXCL.

4) Rename __gen_tempname to __open_tempfile which more clearly says what 
it does.

Okay ... patch coming in my next email to the list.


On 01/27/2013 09:36 PM, Anthony G. Basile wrote:
> From: "Anthony G. Basile" <basile@...nsource.dyc.edu>
>
> Signed-off-by: Anthony G. Basile <blueness@...too.org>
> ---
>   include/stdlib.h     |  6 ++++++
>   src/temp/mkostemp.c  | 16 ++++++++++++++++
>   src/temp/mkostemps.c | 16 ++++++++++++++++
>   src/temp/mkstemp.c   | 15 ++-------------
>   src/temp/mkstemps.c  | 16 ++++++++++++++++
>   src/temp/tempname.c  | 42 ++++++++++++++++++++++++++++++++++++++++++
>   6 files changed, 98 insertions(+), 13 deletions(-)
>   create mode 100644 src/temp/mkostemp.c
>   create mode 100644 src/temp/mkostemps.c
>   create mode 100644 src/temp/mkstemps.c
>   create mode 100644 src/temp/tempname.c
>
> diff --git a/include/stdlib.h b/include/stdlib.h
> index 671d188..4210f40 100644
> --- a/include/stdlib.h
> +++ b/include/stdlib.h
> @@ -95,6 +95,9 @@ int posix_memalign (void **, size_t, size_t);
>   int setenv (const char *, const char *, int);
>   int unsetenv (const char *);
>   int mkstemp (char *);
> +int mkostemp (char *, int);
> +int mkstemps (char *, int);
> +int mkostemps (char *, int, int);
>   char *mkdtemp (char *);
>   int getsubopt (char **, char *const *, char **);
>   int rand_r (unsigned *);
> @@ -150,6 +153,9 @@ char *gcvt(double, int, char *);
>   
>   #if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE)
>   #define mkstemp64 mkstemp
> +#define mkostemp64 mkostemp
> +#define mkstemps64 mkstemps
> +#define mkostemps64 mkostemps
>   #endif
>   
>   #ifdef __cplusplus
> diff --git a/src/temp/mkostemp.c b/src/temp/mkostemp.c
> new file mode 100644
> index 0000000..4fd374c
> --- /dev/null
> +++ b/src/temp/mkostemp.c
> @@ -0,0 +1,16 @@
> +#define _GNU_SOURCE
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <limits.h>
> +#include <errno.h>
> +#include "libc.h"
> +
> +int __gen_tempname (char *, int, int);
> +
> +int mkostemp(char *template, int flags)
> +{
> +	return __gen_tempname (template, 0, flags);
> +}
> diff --git a/src/temp/mkostemps.c b/src/temp/mkostemps.c
> new file mode 100644
> index 0000000..9affae3
> --- /dev/null
> +++ b/src/temp/mkostemps.c
> @@ -0,0 +1,16 @@
> +#define _GNU_SOURCE
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <limits.h>
> +#include <errno.h>
> +#include "libc.h"
> +
> +int __gen_tempname (char *, int, int);
> +
> +int mkostemps(char *template, int len, int flags)
> +{
> +	return __gen_tempname (template, len, flags);
> +}
> diff --git a/src/temp/mkstemp.c b/src/temp/mkstemp.c
> index a390d42..08914d4 100644
> --- a/src/temp/mkstemp.c
> +++ b/src/temp/mkstemp.c
> @@ -7,22 +7,11 @@
>   #include <errno.h>
>   #include "libc.h"
>   
> -char *__mktemp(char *);
> +int __gen_tempname (char *, int, int);
>   
>   int mkstemp(char *template)
>   {
> -	int fd, retries = 100, t0 = *template;
> -	while (retries--) {
> -		if (!*__mktemp(template)) return -1;
> -		if ((fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600))>=0)
> -			return fd;
> -		if (errno != EEXIST) return -1;
> -		/* this is safe because mktemp verified
> -		 * that we have a valid template string */
> -		template[0] = t0;
> -		strcpy(template+strlen(template)-6, "XXXXXX");
> -	}
> -	return -1;
> +	return __gen_tempname (template, 0, O_RDWR);
>   }
>   
>   LFS64(mkstemp);
> diff --git a/src/temp/mkstemps.c b/src/temp/mkstemps.c
> new file mode 100644
> index 0000000..e194444
> --- /dev/null
> +++ b/src/temp/mkstemps.c
> @@ -0,0 +1,16 @@
> +#define _GNU_SOURCE
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <limits.h>
> +#include <errno.h>
> +#include "libc.h"
> +
> +int __gen_tempname (char *, int, int);
> +
> +int mkstemps(char *template, int len)
> +{
> +	return __gen_tempname (template, len, O_RDWR);
> +}
> diff --git a/src/temp/tempname.c b/src/temp/tempname.c
> new file mode 100644
> index 0000000..1c198bf
> --- /dev/null
> +++ b/src/temp/tempname.c
> @@ -0,0 +1,42 @@
> +#include <string.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <limits.h>
> +#include <errno.h>
> +#include "libc.h"
> +
> +char *__mktemp(char *);
> +
> +int __gen_tempname (char *template, int len, int flags)
> +{
> +	if (len < 0) return EINVAL;
> +
> +	int templen = strlen(template)-len;
> +	if (templen<6) return EINVAL;
> +
> +	char *suffix = (char *)malloc((len+1)*sizeof(char));
> +	/* Copy the last len chars plus the null termination */
> +	int i;
> +	for (i = 0; i <= len; i++)
> +		suffix[i] = template[templen+i];
> +	/* Null terminate the template before the suffice */
> +	template[templen] = '\0';
> +
> +	int fd, retries = 100, t0 = *template;
> +	while (retries--) {
> +		if (!*__mktemp(template)) return -1;
> +		/* Copy back the suffix */
> +		for (i = 0; i <= len; i++)
> +			template[templen+i] = suffix[i];
> +		if ((fd = open(template, flags | O_CREAT | O_EXCL, 0600))>=0)
> +			return fd;
> +		if (errno != EEXIST) return -1;
> +		/* this is safe because mktemp verified
> +		 * that we have a valid template string */
> +		template[0] = t0;
> +		strcpy(template+templen-6, "XXXXXX");
> +	}
> +	return -1;
> +}


-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@...too.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.