Re: [LEDE-DEV] [PATCH] uci/file: replace mktemp() with mkstemp()

2017-09-17 Thread Maxim Gorbachyov
On Sun, Sep 17, 2017 at 4:06 PM, Stijn Tintel  wrote:

>> Because mktemp() is evil.
> Hi, please add a reference when making such claims.

"Never use mktemp() ... every use of mktemp() is a security risk"
https://linux.die.net/man/3/mktemp

I thought it was obvious.



[LEDE-DEV] [PATCH] uci/file: replace mktemp() with mkstemp()

2017-09-16 Thread Maxim Gorbachyov
Because mktemp() is evil.

Signed-off-by: Maxim Gorbachyov <maxim.gorbach...@gmail.com>
---
 file.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/file.c b/file.c
index 494c649..ad0355b 100644
--- a/file.c
+++ b/file.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "uci.h"
 #include "uci_internal.h"
@@ -725,8 +726,8 @@ static void uci_file_commit(struct uci_context *ctx, struct 
uci_package **packag
char *name = NULL;
char *path = NULL;
char *filename = NULL;
-   struct stat statbuf;
bool do_rename = false;
+   int fd;
 
if (!p->path) {
if (overwrite)
@@ -772,18 +773,20 @@ static void uci_file_commit(struct uci_context *ctx, 
struct uci_package **packag
goto done;
}
 
-   if (!mktemp(filename))
-   *filename = 0;
+   fd = mkstemp(filename);
+   if (fd == -1)
+   UCI_THROW(ctx, UCI_ERR_IO);
 
-   if (!*filename) {
-   free(filename);
+   if ((flock(fd, LOCK_EX) < 0) && (errno != ENOSYS))
+   UCI_THROW(ctx, UCI_ERR_IO);
+
+   if (lseek(fd, 0, SEEK_SET) < 0)
UCI_THROW(ctx, UCI_ERR_IO);
-   }
 
-   if ((stat(filename, ) == 0) && ((statbuf.st_mode & S_IFMT) != 
S_IFREG))
+   f2 = fdopen(fd, "w+");
+   if (!f2)
UCI_THROW(ctx, UCI_ERR_IO);
 
-   f2 = uci_open_stream(ctx, filename, p->path, SEEK_SET, true, true);
uci_export(ctx, f2, p, false);
 
fflush(f2);
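Review bot: The three `UCI_THROW(ctx, UCI_ERR_IO)` calls that follow a successful `mkstemp()` (after `flock`, `lseek` and `fdopen`) leave the descriptor open and the newly created temporary file on disk, because nothing in the hunk closes `fd` or unlinks `filename` before throwing. Unless the code reached through the `done` label already does that cleanup, each of those paths should run `close(fd); unlink(filename);` first, so that repeated failures do not accumulate stale temporary files next to the config. The removed branch called `free(filename)` before throwing and the new `mkstemp()` failure path does not; whether that leaks depends on the rest of uci_file_commit, whose body starts and ends outside this hunk. The `lseek(fd, 0, SEEK_SET)` on a file that `mkstemp()` has just created looks redundant and could be dropped.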
-- 
2.14.1

