diff options
| author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-17 15:12:45 +0000 |
|---|---|---|
| committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2007-09-17 15:12:45 +0000 |
| commit | 1d9168709cd84e6ee98534bb1b51d58498dd71ca (patch) | |
| tree | 932ba9a53e02010e9cd96d5537357fd72f915bd5 /lib/libc/stdio | |
| parent | ce66a51714dabf16c7ab5ada2fd6f293f1f3958c (diff) | |
Prevent out-of-bounds memory access in tempnam(3), if the environment
variable TMPDIR or the argument `dir' is an empty string.
With and ok millert@ ray@
Diffstat (limited to 'lib/libc/stdio')
| -rw-r--r-- | lib/libc/stdio/tempnam.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libc/stdio/tempnam.c b/lib/libc/stdio/tempnam.c index 3b7ec75c702..46b9d5536f8 100644 --- a/lib/libc/stdio/tempnam.c +++ b/lib/libc/stdio/tempnam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tempnam.c,v 1.14 2005/08/08 08:05:36 espie Exp $ */ +/* $OpenBSD: tempnam.c,v 1.15 2007/09/17 15:12:44 moritz Exp $ */ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. @@ -53,14 +53,15 @@ tempnam(const char *dir, const char *pfx) if (!pfx) pfx = "tmp."; - if (issetugid() == 0 && (f = getenv("TMPDIR"))) { + if (issetugid() == 0 && (f = getenv("TMPDIR")) && *f != '\0') { (void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f, *(f + strlen(f) - 1) == '/'? "": "/", pfx); if ((f = _mktemp(name))) return(f); } - if ((f = (char *)dir)) { + if (dir != NULL) { + f = *dir ? (char *)dir : "."; (void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f, *(f + strlen(f) - 1) == '/'? "": "/", pfx); if ((f = _mktemp(name))) |