PR/30839: Tomas Skäre: Buffer underflow in lib/libc/stdio/tempnam.c
when *dir == "".
This commit is contained in:
parent
56d4febf60
commit
f44796a7b7
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: tempnam.c,v 1.17 2003/08/07 16:43:33 agc Exp $ */
|
/* $NetBSD: tempnam.c,v 1.18 2005/07/26 16:12:49 christos Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1988, 1993
|
* Copyright (c) 1988, 1993
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#)tempnam.c 8.1 (Berkeley) 6/4/93";
|
static char sccsid[] = "@(#)tempnam.c 8.1 (Berkeley) 6/4/93";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: tempnam.c,v 1.17 2003/08/07 16:43:33 agc Exp $");
|
__RCSID("$NetBSD: tempnam.c,v 1.18 2005/07/26 16:12:49 christos Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif /* LIBC_SCCS and not lint */
|
#endif /* LIBC_SCCS and not lint */
|
||||||
|
|
||||||
|
@ -52,42 +52,48 @@ __RCSID("$NetBSD: tempnam.c,v 1.17 2003/08/07 16:43:33 agc Exp $");
|
||||||
__warn_references(tempnam,
|
__warn_references(tempnam,
|
||||||
"warning: tempnam() possibly used unsafely, use mkstemp() or mkdtemp()")
|
"warning: tempnam() possibly used unsafely, use mkstemp() or mkdtemp()")
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
trailsl(const char *f)
|
||||||
|
{
|
||||||
|
const char *s = f;
|
||||||
|
while (*s)
|
||||||
|
s++;
|
||||||
|
return (f != s && s[-1] == '/') ? "/" : "";
|
||||||
|
}
|
||||||
|
|
||||||
|
static char *
|
||||||
|
gentemp(char *name, size_t len, const char *tmp, const char *pfx)
|
||||||
|
{
|
||||||
|
(void)snprintf(name, len, "%s%s%sXXXXXXXXXX", tmp, trailsl(tmp), pfx);
|
||||||
|
return _mktemp(name);
|
||||||
|
}
|
||||||
|
|
||||||
char *
|
char *
|
||||||
tempnam(dir, pfx)
|
tempnam(const char *dir, const char *pfx)
|
||||||
const char *dir, *pfx;
|
|
||||||
{
|
{
|
||||||
int sverrno;
|
int sverrno;
|
||||||
char *f, *name;
|
char *name, *f;
|
||||||
|
const char *tmp;
|
||||||
|
|
||||||
if (!(name = malloc((size_t)MAXPATHLEN)))
|
if (!(name = malloc((size_t)MAXPATHLEN)))
|
||||||
return(NULL);
|
return NULL;
|
||||||
|
|
||||||
if (!pfx)
|
if (!pfx)
|
||||||
pfx = "tmp.";
|
pfx = "tmp.";
|
||||||
|
|
||||||
if ((f = getenv("TMPDIR")) != NULL) {
|
if ((tmp = getenv("TMPDIR")) != NULL &&
|
||||||
(void)snprintf(name, (size_t)MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
|
(f = gentemp(name, (size_t)MAXPATHLEN, tmp, pfx)) != NULL)
|
||||||
*(f + strlen(f) - 1) == '/'? "": "/", pfx);
|
return f;
|
||||||
if ((f = _mktemp(name)) != NULL)
|
|
||||||
return(f);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((/* LINTED */f = (char *)dir) != NULL) {
|
if (dir != NULL &&
|
||||||
(void)snprintf(name, (size_t)MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
|
(f = gentemp(name, (size_t)MAXPATHLEN, dir, pfx)) != NULL)
|
||||||
*(f + strlen(f) - 1) == '/'? "": "/", pfx);
|
return f;
|
||||||
if ((f = _mktemp(name)) != NULL)
|
|
||||||
return(f);
|
|
||||||
}
|
|
||||||
|
|
||||||
f = P_tmpdir;
|
if ((f = gentemp(name, (size_t)MAXPATHLEN, P_tmpdir, pfx)) != NULL)
|
||||||
(void)snprintf(name, (size_t)MAXPATHLEN, "%s%sXXXXXXXXXX", f, pfx);
|
return f;
|
||||||
if ((f = _mktemp(name)) != NULL)
|
|
||||||
return(f);
|
|
||||||
|
|
||||||
f = _PATH_TMP;
|
if ((f = gentemp(name, (size_t)MAXPATHLEN, _PATH_TMP, pfx)) != NULL)
|
||||||
(void)snprintf(name, (size_t)MAXPATHLEN, "%s%sXXXXXXXXXX", f, pfx);
|
return f;
|
||||||
if ((f = _mktemp(name)) != NULL)
|
|
||||||
return(f);
|
|
||||||
|
|
||||||
sverrno = errno;
|
sverrno = errno;
|
||||||
free(name);
|
free(name);
|
||||||
|
|
Loading…
Reference in New Issue