aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Blake <eblake@redhat.com>2007-05-16 20:06:08 +0000
committerEric Blake <eblake@redhat.com>2007-05-16 20:06:08 +0000
commitd009633d30f746b0f5c53442e5f37743653deb9d (patch)
treef1d00e10cb343e0868eb8e7528beda87fac7908e
parent895d76fed6448bb19559f57195a60ae311d0cac0 (diff)
downloadnewlib-d009633d30f746b0f5c53442e5f37743653deb9d.zip
newlib-d009633d30f746b0f5c53442e5f37743653deb9d.tar.gz
newlib-d009633d30f746b0f5c53442e5f37743653deb9d.tar.bz2
Close security hole in tmpfile.
* libc/stdio/tmpfile.c (_tmpfile_r): Avoid window between filename generation and opening the fd. * libc/stdio64/tmpfile64.c (_tmpfile64_r): Likewise.
-rw-r--r--newlib/ChangeLog5
-rw-r--r--newlib/libc/stdio/tmpfile.c22
-rw-r--r--newlib/libc/stdio64/tmpfile64.c23
3 files changed, 43 insertions, 7 deletions
diff --git a/newlib/ChangeLog b/newlib/ChangeLog
index 699dbd4..17a8a42 100644
--- a/newlib/ChangeLog
+++ b/newlib/ChangeLog
@@ -1,5 +1,10 @@
2007-05-16 Eric Blake <ebb9@byu.net>
+ Close security hole in tmpfile.
+ * libc/stdio/tmpfile.c (_tmpfile_r): Avoid window between filename
+ generation and opening the fd.
+ * libc/stdio64/tmpfile64.c (_tmpfile64_r): Likewise.
+
* libc/include/math.h (INFINITY, NAN, FP_ILOGB0, FP_ILOGBNAN)
(MATH_ERRNO, MATH_ERREXCEPT, math_errhandling): Add macros
required by POSIX.
diff --git a/newlib/libc/stdio/tmpfile.c b/newlib/libc/stdio/tmpfile.c
index a6c2c91..902ef0b 100644
--- a/newlib/libc/stdio/tmpfile.c
+++ b/newlib/libc/stdio/tmpfile.c
@@ -49,6 +49,11 @@ Supporting OS subroutines required: <<close>>, <<fstat>>, <<getpid>>,
#include <reent.h>
#include <stdio.h>
#include <errno.h>
+#include <fcntl.h>
+
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
FILE *
_DEFUN(_tmpfile_r, (ptr),
@@ -58,11 +63,22 @@ _DEFUN(_tmpfile_r, (ptr),
int e;
char *f;
char buf[L_tmpnam];
-
- if ((f = _tmpnam_r (ptr, buf)) == NULL)
+ int fd;
+
+ do
+ {
+ if ((f = _tmpnam_r (ptr, buf)) == NULL)
+ return NULL;
+ fd = _open_r (ptr, f, O_RDWR | O_CREAT | O_EXCL | O_BINARY,
+ S_IRUSR | S_IWUSR);
+ }
+ while (fd < 0 && ptr->_errno == EEXIST);
+ if (fd < 0)
return NULL;
- fp = _fopen_r (ptr, f, "wb+");
+ fp = _fdopen_r (ptr, fd, "wb+");
e = ptr->_errno;
+ if (!fp)
+ _close_r (ptr, fd);
_CAST_VOID _remove_r (ptr, f);
ptr->_errno = e;
return fp;
diff --git a/newlib/libc/stdio64/tmpfile64.c b/newlib/libc/stdio64/tmpfile64.c
index 9868963..e15f1c6 100644
--- a/newlib/libc/stdio64/tmpfile64.c
+++ b/newlib/libc/stdio64/tmpfile64.c
@@ -49,6 +49,11 @@ Supporting OS subroutines required: <<close>>, <<fstat>>, <<getpid>>,
#include <stdio.h>
#include <errno.h>
+#include <fcntl.h>
+
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
#ifdef __LARGE64_FILES
@@ -60,11 +65,22 @@ _DEFUN (_tmpfile64_r, (ptr),
int e;
char *f;
char buf[L_tmpnam];
-
- if ((f = _tmpnam_r (ptr, buf)) == NULL)
+ int fd;
+
+ do
+ {
+ if ((f = _tmpnam_r (ptr, buf)) == NULL)
+ return NULL;
+ fd = _open64_r (ptr, f, O_RDWR | O_CREAT | O_EXCL | O_BINARY,
+ S_IRUSR | S_IWUSR);
+ }
+ while (fd < 0 && ptr->_errno == EEXIST);
+ if (fd < 0)
return NULL;
- fp = _fopen64_r (ptr, (const char *)f, "wb+");
+ fp = _fdopen64_r (ptr, fd, "wb+");
e = ptr->_errno;
+ if (!fp)
+ _close_r (ptr, fd);
_CAST_VOID _remove_r (ptr, f);
ptr->_errno = e;
return fp;
@@ -81,4 +97,3 @@ _DEFUN_VOID (tmpfile64)
#endif
#endif /* __LARGE64_FILES */
-