From 5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Wed, 18 Jul 2018 21:04:12 +0000
Subject: Avoid insecure usage of tmpnam in tests.

Various glibc testcases use tmpnam in ways subject to race conditions
(generate a temporary file name, then later open that file without
O_EXCL).

This patch fixes those tests to use mkstemp - generally a minimal
local fix to use mkstemp instead of tmpnam, rather than a larger fix
to use other testsuite infrastructure for temporary files.  The
unchanged use of tmpnam in posix/wordexp-test.c would fail safe in the
event of a race (it's generating a name for use with mkdir rather than
for a file to be opened for writing).

Tested for x86_64.

	* grp/tst_fgetgrent.c: Include <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* io/test-utime.c (main): Likewise.
	* posix/annexc.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
	* posix/bug-getopt1.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt2.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt3.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt4.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt5.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* stdio-common/bug7.c: Include <stdlib.h> and <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-fdopen.c: Include <stdlib.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-ungetc.c: Include <stdlib.h>.
	(main): use mkstemp instead of tmpnam.
	* stdlib/isomac.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
---
 io/test-utime.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

(limited to 'io')

diff --git a/io/test-utime.c b/io/test-utime.c
index 2ad0995..0ab778e 100644
--- a/io/test-utime.c
+++ b/io/test-utime.c
@@ -27,23 +27,17 @@
 int
 main (int argc, char *argv[])
 {
-  char file[L_tmpnam];
+  char file[] = "/tmp/test-utime.XXXXXX";
   struct utimbuf ut;
   struct stat st;
   struct stat stnow;
   time_t now1, now2;
   int fd;
 
-  if (tmpnam (file) == 0)
-    {
-      perror ("tmpnam");
-      return 1;
-    }
-
-  fd = creat (file, 0666);
+  fd = mkstemp (file);
   if (fd < 0)
     {
-      perror ("creat");
+      perror ("mkstemp");
       return 1;
     }
   close (fd);
-- 
cgit v1.1