From 030349a79946f992eb2bd58653c39321e9794e95 Mon Sep 17 00:00:00 2001
From: Thien-Thi Nguyen <t...@gnuvola.org>
Date: Wed, 13 Jan 2010 09:49:44 +0100
Subject: [PATCH] Use `mkstemp' instead of `mktemp'.

* test-suite/standalone/test-unwind.c (check_ports): Use `mkstemp' instead of `mktemp'. Signed-off-by: Thien-Thi Nguyen <t...@gnuvola.org> --- According to mktemp(3): BUGS Never use mktemp(). Some implementations follow 4.3BSD and replace XXXXXX by the current process ID and a single letter, so that at most 26 different names can be returned. Since on the one hand the names are easy to guess, and on the other hand there is a race between test‐ ing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3). test-suite/standalone/test-unwind.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/test-suite/standalone/test-unwind.c b/test-suite/standalone/test-unwind.c index f9820cc..f333c8c 100644 --- a/test-suite/standalone/test-unwind.c +++ b/test-suite/standalone/test-unwind.c @@ -210,7 +210,9 @@ check_ports () strcpy (filename, tmpdir); strcat (filename, FILENAME_TEMPLATE); - if (mktemp (filename) == NULL) + /* Sanity check: Make sure that `filename' is actually writeable. + We used to use mktemp(3), but that is now considered a security risk. */ + if (0 > mkstemp (filename)) exit (1); scm_dynwind_begin (0); -- 1.6.3.2
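Review bot: In check_ports, the descriptor returned by `mkstemp (filename)` is only compared against 0 and then dropped, so every run leaks an open file descriptor. Keep the result, for example `int fd = mkstemp (filename);`, exit on `fd < 0`, and then either `close (fd)` or hand that descriptor to whatever opens the file next, since reusing the descriptor is what actually removes the check-then-open race the commit message cites. Also note that mkstemp, unlike mktemp, creates the file on disk, so the test now leaves a file in tmpdir unless code outside this hunk unlinks it; the new comment should say that the file is created here rather than only that the name is checked for writability.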