diff options
author | Philip Guenther <guenther@cvs.openbsd.org> | 2013-03-12 16:47:12 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2013-03-12 16:47:12 +0000 |
commit | bef6134b39213defccdc1f14d6dca564b2f970f4 (patch) | |
tree | da60c15e29c848d93414346a691382035532474e | |
parent | 5548f0945f6941103b21b0e2c738b26726b16006 (diff) |
Return EINVAL if there are fewer than six template Xs in the path.
ok deraadt@ millert@
-rw-r--r-- | lib/libc/stdio/mktemp.3 | 38 | ||||
-rw-r--r-- | lib/libc/stdio/mktemp.c | 16 |
2 files changed, 30 insertions, 24 deletions
diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3 index 6712c657367..56c7df3b88e 100644 --- a/lib/libc/stdio/mktemp.3 +++ b/lib/libc/stdio/mktemp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mktemp.3,v 1.49 2012/06/01 01:01:57 guenther Exp $ +.\" $OpenBSD: mktemp.3,v 1.50 2013/03/12 16:47:11 guenther Exp $ .\" .\" Copyright (c) 1989, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: June 1 2012 $ +.Dd $Mdocdate: March 12 2013 $ .Dt MKTEMP 3 .Os .Sh NAME @@ -52,18 +52,15 @@ The family of functions take the given file name template and overwrite a portion of it to create a new file name. This file name is unique and suitable for use by the application. -The template may be any file name with some number of Xs appended -to it, for example -.Pa /tmp/temp.XXXXXX . +The template may be any file name with at least six trailing Xs, +for example +.Pa /tmp/temp.XXXXXXXX . The trailing Xs are replaced with a unique digit and letter combination. The number of unique file names that can be returned -depends on the number of Xs provided; six Xs will result in +depends on the number of Xs provided; .Fn mktemp -testing roughly 62 ** 6 combinations. -At least 6 Xs should be used, though 10 is much better. -Some -.No non- Ns Bx -implementations return an error if fewer than 6 Xs are used. +will try at least 2 ** 31 combinations before giving up. +At least six Xs must be used, though 10 is much better. .Pp The .Fn mktemp @@ -200,14 +197,19 @@ fails with an of .Er EEXIST . .Sh ERRORS -These functions may set +The +.Fn mktemp , +.Fn mkstemp , +and +.Fn mkdtemp +functions may set .Va errno to one of the following values: .Bl -tag -width Er .It Bq Er EINVAL The .Ar template -argument is an empty string. +argument has fewer than six trailing Xs. .It Bq Er EEXIST All file names tried are already in use. Consider appending more Xs to the @@ -239,7 +241,11 @@ to any value specified by the function or, .Bl -tag -width Er .It Bq Er EINVAL -The suffix length is longer than the template length. +The +.Ar template +argument length is less than +.Ar suffixlen +or it has fewer than six Xs before the suffix. .El .Pp The @@ -265,9 +271,7 @@ and functions conform to the .St -p1003.1-2008 specification. -The ability to specify more than six Xs and setting -.Xr errno 2 -in case of errors are extensions to that standard. +The ability to specify more than six Xs is an extension to that standard. .Pp The .Fn mktemp diff --git a/lib/libc/stdio/mktemp.c b/lib/libc/stdio/mktemp.c index 0eddec6173e..61db06ab70e 100644 --- a/lib/libc/stdio/mktemp.c +++ b/lib/libc/stdio/mktemp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mktemp.c,v 1.31 2011/10/02 07:41:56 dtucker Exp $ */ +/* $OpenBSD: mktemp.c,v 1.32 2013/03/12 16:47:11 guenther Exp $ */ /* * Copyright (c) 1996-1998, 2008 Theo de Raadt * Copyright (c) 1997, 2008-2009 Todd C. Miller @@ -33,6 +33,7 @@ #define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" #define NUM_CHARS (sizeof(TEMPCHARS) - 1) +#define MIN_X 6 static int mktemp_internal(char *path, int slen, int mode) @@ -45,19 +46,20 @@ mktemp_internal(char *path, int slen, int mode) int fd; len = strlen(path); - if (len == 0 || slen < 0 || (size_t)slen >= len) { + if (len < MIN_X || slen < 0 || (size_t)slen > len - MIN_X) { errno = EINVAL; return(-1); } ep = path + len - slen; - tries = 1; - for (start = ep; start > path && start[-1] == 'X'; start--) { - if (tries < INT_MAX / NUM_CHARS) - tries *= NUM_CHARS; + for (start = ep; start > path && start[-1] == 'X'; start--) + ; + if (ep - start < MIN_X) { + errno = EINVAL; + return(-1); } - tries *= 2; + tries = INT_MAX; do { for (cp = start; cp != ep; cp++) { r = arc4random_uniform(NUM_CHARS); |