Fix tmpfile(3) insecure file creation.

2023-02-13 20:55:38 -05:00 · 2015-10-10 01:24:43 +02:00 · 2015-10-10 01:24:43 +02:00 · f0f82fcb23
commit f0f82fcb23
parent 7c6e6ef317
1 changed files with 14 additions and 8 deletions
--- a/libc/stdio/tmpfile.cpp
+++ b/libc/stdio/tmpfile.cpp
@ -1,6 +1,6 @@
 /*******************************************************************************

-    Copyright(C) Jonas 'Sortie' Termansen 2013.
+    Copyright(C) Jonas 'Sortie' Termansen 2013, 2015.

    This file is part of the Sortix C Library.

@ -25,15 +25,21 @@
 #include <sys/types.h>

 #include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>

 extern "C" FILE* tmpfile()
 {
-	char name[5 + sizeof(pid_t) * 3];
-	snprintf(name, sizeof(name), "/tmp/%ju", (uintmax_t) getpid());
-	FILE* ret = fopen(name, "w+");
-	if ( !ret )
-		return NULL;
-	unlink(name);
-	return ret;
+	// TODO: There is a short interval during which other processes can access
+	//       this file. Implement and use O_TMPFILE.
+	char path[] = "/tmp/tmp.XXXXXX";
+	int fd = mkstemp(path);
+	if ( fd < 0 )
+		return (FILE*) NULL;
+	if ( unlink(path) < 0 )
+		return close(fd), (FILE*) NULL;
+	FILE* fp = fdopen(fd, "r+");
+	if ( !fp )
+		return close(fd), (FILE*) NULL;
+	return fp;
 }