summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Guenther <guenther@cvs.openbsd.org>2013-03-12 16:47:12 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2013-03-12 16:47:12 +0000
commitbef6134b39213defccdc1f14d6dca564b2f970f4 (patch)
treeda60c15e29c848d93414346a691382035532474e
parent5548f0945f6941103b21b0e2c738b26726b16006 (diff)
Return EINVAL if there are fewer than six template Xs in the path.
ok deraadt@ millert@
-rw-r--r--lib/libc/stdio/mktemp.338
-rw-r--r--lib/libc/stdio/mktemp.c16
2 files changed, 30 insertions, 24 deletions
diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3
index 6712c657367..56c7df3b88e 100644
--- a/lib/libc/stdio/mktemp.3
+++ b/lib/libc/stdio/mktemp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mktemp.3,v 1.49 2012/06/01 01:01:57 guenther Exp $
+.\" $OpenBSD: mktemp.3,v 1.50 2013/03/12 16:47:11 guenther Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 1 2012 $
+.Dd $Mdocdate: March 12 2013 $
.Dt MKTEMP 3
.Os
.Sh NAME
@@ -52,18 +52,15 @@ The
family of functions take the given file name template and overwrite
a portion of it to create a new file name.
This file name is unique and suitable for use by the application.
-The template may be any file name with some number of Xs appended
-to it, for example
-.Pa /tmp/temp.XXXXXX .
+The template may be any file name with at least six trailing Xs,
+for example
+.Pa /tmp/temp.XXXXXXXX .
The trailing Xs are replaced with a unique digit and letter combination.
The number of unique file names that can be returned
-depends on the number of Xs provided; six Xs will result in
+depends on the number of Xs provided;
.Fn mktemp
-testing roughly 62 ** 6 combinations.
-At least 6 Xs should be used, though 10 is much better.
-Some
-.No non- Ns Bx
-implementations return an error if fewer than 6 Xs are used.
+will try at least 2 ** 31 combinations before giving up.
+At least six Xs must be used, though 10 is much better.
.Pp
The
.Fn mktemp
@@ -200,14 +197,19 @@ fails with an
of
.Er EEXIST .
.Sh ERRORS
-These functions may set
+The
+.Fn mktemp ,
+.Fn mkstemp ,
+and
+.Fn mkdtemp
+functions may set
.Va errno
to one of the following values:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Ar template
-argument is an empty string.
+argument has fewer than six trailing Xs.
.It Bq Er EEXIST
All file names tried are already in use.
Consider appending more Xs to the
@@ -239,7 +241,11 @@ to any value specified by the
function or,
.Bl -tag -width Er
.It Bq Er EINVAL
-The suffix length is longer than the template length.
+The
+.Ar template
+argument length is less than
+.Ar suffixlen
+or it has fewer than six Xs before the suffix.
.El
.Pp
The
@@ -265,9 +271,7 @@ and
functions conform to the
.St -p1003.1-2008
specification.
-The ability to specify more than six Xs and setting
-.Xr errno 2
-in case of errors are extensions to that standard.
+The ability to specify more than six Xs is an extension to that standard.
.Pp
The
.Fn mktemp
diff --git a/lib/libc/stdio/mktemp.c b/lib/libc/stdio/mktemp.c
index 0eddec6173e..61db06ab70e 100644
--- a/lib/libc/stdio/mktemp.c
+++ b/lib/libc/stdio/mktemp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mktemp.c,v 1.31 2011/10/02 07:41:56 dtucker Exp $ */
+/* $OpenBSD: mktemp.c,v 1.32 2013/03/12 16:47:11 guenther Exp $ */
/*
* Copyright (c) 1996-1998, 2008 Theo de Raadt
* Copyright (c) 1997, 2008-2009 Todd C. Miller
@@ -33,6 +33,7 @@
#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#define NUM_CHARS (sizeof(TEMPCHARS) - 1)
+#define MIN_X 6
static int
mktemp_internal(char *path, int slen, int mode)
@@ -45,19 +46,20 @@ mktemp_internal(char *path, int slen, int mode)
int fd;
len = strlen(path);
- if (len == 0 || slen < 0 || (size_t)slen >= len) {
+ if (len < MIN_X || slen < 0 || (size_t)slen > len - MIN_X) {
errno = EINVAL;
return(-1);
}
ep = path + len - slen;
- tries = 1;
- for (start = ep; start > path && start[-1] == 'X'; start--) {
- if (tries < INT_MAX / NUM_CHARS)
- tries *= NUM_CHARS;
+ for (start = ep; start > path && start[-1] == 'X'; start--)
+ ;
+ if (ep - start < MIN_X) {
+ errno = EINVAL;
+ return(-1);
}
- tries *= 2;
+ tries = INT_MAX;
do {
for (cp = start; cp != ep; cp++) {
r = arc4random_uniform(NUM_CHARS);