major improvements to temp file name generator

use current time in nanoseconds and some potentially-random (if aslr is enabled) pointer values for the initial tempfile name generation, and step via a cheap linear prng on collisions. limit the number of retry attempts to prevent denial of service attacks even if an attacker can guess the filenames.
2025-01-23 06:32:05 +03:00 · 2011-02-18 17:04:56 -05:00 · 2011-02-18 17:04:56 -05:00 · 446b4207cc
commit 446b4207cc
parent 3e9e30166f
3 changed files with 21 additions and 16 deletions
--- a/src/temp/mkdtemp.c
+++ b/src/temp/mkdtemp.c
@ -12,7 +12,8 @@ char *__mktemp(char *);

 char *mkdtemp(char *template)
 {
-	for (;;) {
+	int retries = 100;
+	while (retries--) {
 		if (!__mktemp(template)) return 0;
 		if (!mkdir(template, 0700)) return template;
 		if (errno != EEXIST) return 0;
@ -20,4 +21,5 @@ char *mkdtemp(char *template)
 		 * that we have a valid template string */
 		strcpy(template+strlen(template)-6, "XXXXXX");
 	}
+	return 0;
 }
--- a/src/temp/mkstemp.c
+++ b/src/temp/mkstemp.c
@ -11,8 +11,8 @@ char *__mktemp(char *);

 int mkstemp(char *template)
 {
-	int fd;
-	for (;;) {
+	int fd, retries = 100;
+	while (retries--) {
 		if (!__mktemp(template)) return 0;
 		if ((fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600))>=0)
 			return fd;
@ -21,6 +21,7 @@ int mkstemp(char *template)
 		 * that we have a valid template string */
 		strcpy(template+strlen(template)-6, "XXXXXX");
 	}
+	return -1;
 }

 LFS64(mkstemp);
--- a/src/temp/mktemp.c
+++ b/src/temp/mktemp.c
@ -4,28 +4,30 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <time.h>
+#include <stdint.h>
 #include "libc.h"

 char *__mktemp(char *template)
 {
-	static int lock;
-	static int index;
-	int l = strlen(template);
+	struct timespec ts;
+	size_t l = strlen(template);
+	int retries = 10000;
+	unsigned long r;

 	if (l < 6 || strcmp(template+l-6, "XXXXXX")) {
 		errno = EINVAL;
-		return NULL;
+		return 0;
 	}
-	LOCK(&lock);
-	for (; index < 1000000; index++) {
-		snprintf(template+l-6, 6, "%06d", index);
-		if (access(template, F_OK) != 0) {
-			UNLOCK(&lock);
-			return template;
-		}
+	clock_gettime(CLOCK_REALTIME, &ts);
+	r = ts.tv_nsec + (uintptr_t)&ts / 16 + (uintptr_t)template;
+	while (retries--) {
+		snprintf(template+l-6, 7, "%06lX", r & 0xffffff);
+		if (access(template, F_OK) < 0) return template;
+		r = r * 1103515245 + 12345;
 	}
-	UNLOCK(&lock);
-	return NULL;	
+	errno = EEXIST;
+	return 0;
 }

 weak_alias(__mktemp, mktemp);