millert's sup fix, tested here on client and server.

committing in absentia for todd, ok beck@

2 files changed, 66 insertions, 30 deletions

diff --git a/usr.bin/sup/src/supcmeat.c b/usr.bin/sup/src/supcmeat.c
index b539581c6bc..ff4e13f8011 100644
--- a/usr.bin/sup/src/supcmeat.c
+++ b/usr.bin/sup/src/supcmeat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: supcmeat.c,v 1.18 2003/04/15 07:21:09 deraadt Exp $	*/
+/*	$OpenBSD: supcmeat.c,v 1.19 2003/09/04 03:24:07 beck Exp $	*/
 
 /*
  * Copyright (c) 1992 Carnegie Mellon University
@@ -1154,7 +1154,7 @@ copyfile(to, from)
 {
 	int fromf, tof, istemp, x;
 	char dpart[STRINGLENGTH], fpart[STRINGLENGTH];
-	char tname[STRINGLENGTH];
+	char tname[MAXPATHLEN];
 	static int true = 1;
 	static pid_t thispid = 0;	/* process id # */
 
@@ -1175,49 +1175,49 @@ copyfile(to, from)
 	for (;;) {
 	/* try destination directory */
 		path(to, dpart, sizeof dpart, fpart, sizeof fpart);
-		(void) snprintf(tname, sizeof tname, "%s/#%ld.sup",
+		(void) snprintf(tname, sizeof tname, "%s/#%ld.sup.XXXXXXXXXX",
 		    dpart, (long)thispid);
-		tof = open(tname, (O_WRONLY|O_CREAT|O_TRUNC), 0600);
+		tof = mkstemp(tname);
 		if (tof >= 0)
 			break;
 	/* try sup directory */
 		if (thisC->Cprefix)
 			(void) chdir (thisC->Cbase);
-		(void) snprintf(tname, sizeof tname, "sup/#%ld.sup",
+		(void) snprintf(tname, sizeof tname, "sup/#%ld.sup.XXXXXXXXXX",
 		    (long)thispid);
-		tof = open(tname, (O_WRONLY|O_CREAT|O_TRUNC), 0600);
+		tof = mkstemp(tname);
 		if (tof >= 0) {
 			if (thisC->Cprefix)
 				(void) chdir(thisC->Cprefix);
 			break;
 		}
 	/* try base directory */
-		(void) snprintf(tname, sizeof tname, "#%ld.sup",
+		(void) snprintf(tname, sizeof tname, "#%ld.sup.XXXXXXXXXX",
 		    (long)thispid);
-		tof = open (tname,(O_WRONLY|O_CREAT|O_TRUNC),0600);
+		tof = mkstemp(tname);
 		if (thisC->Cprefix)
 			(void) chdir(thisC->Cprefix);
 		if (tof >= 0)
 			break;
 #ifdef	VAR_TMP
 	/* try /var/tmp */
-		(void) snprintf(tname, sizeof tname, "/var/tmp/#%ld.sup",
-		    (long)thispid);
-		tof = open(tname, (O_WRONLY|O_CREAT|O_TRUNC), 0600);
+		(void) snprintf(tname, sizeof tname,
+		    "/var/tmp/#%ld.sup.XXXXXXXXXX", (long)thispid);
+		tof = mkstemp(tname);
 		if (tof >= 0)
 			break;
 #else
 	/* try /usr/tmp */
-		(void) snprintf(tname, sizeof tname, "/usr/tmp/#%ld.sup",
-			(long)thispid);
-		tof = open(tname, (O_WRONLY|O_CREAT|O_TRUNC), 0600);
+		(void) snprintf(tname, sizeof tname,
+		    "/usr/tmp/#%ld.sup.XXXXXXXXXX", (long)thispid);
+		tof = mkstemp(tname);
 		if (tof >= 0)
 			break;
 #endif
 	/* try /tmp */
-		(void) snprintf(tname, sizeof tname, "/tmp/#%ld.sup",
-		    (long)thispid);
-		tof = open(tname, (O_WRONLY|O_CREAT|O_TRUNC), 0600);
+		(void) snprintf(tname, sizeof tname,
+		    "/tmp/#%ld.sup.XXXXXXXXXX", (long)thispid);
+		tof = mkstemp(tname);
 		if (tof >= 0)
 			break;
 		istemp = FALSE;
@@ -1330,9 +1330,10 @@ copyfile(to, from)
 		av[ac++] = "gzip";
 		av[ac++] = "-d";
 		av[ac++] = NULL;
+		/* XXX - race between unlink and re-open */
 		if ((infd = open(tname, O_RDONLY, 0)) == -1 ||
 		     unlink(tname) == -1 ||
-		     (outfd = open(tname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) == -1 ||
+		     (outfd = open(tname, O_WRONLY|O_CREAT|O_EXCL, 0600)) == -1 ||
 		     runiofd(av, infd, outfd, 2) != 0 ) {
 			notify("SUP: Error in uncompressing file %s (%s)\n",
 				to, tname);
diff --git a/usr.bin/sup/src/supfilesrv.c b/usr.bin/sup/src/supfilesrv.c
index b46dbade527..c1974335326 100644
--- a/usr.bin/sup/src/supfilesrv.c
+++ b/usr.bin/sup/src/supfilesrv.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: supfilesrv.c,v 1.31 2003/03/10 03:53:32 david Exp $	*/
+/*	$OpenBSD: supfilesrv.c,v 1.32 2003/09/04 03:24:07 beck Exp $	*/
 
 /*
  * Copyright (c) 1992 Carnegie Mellon University
@@ -388,6 +388,7 @@ int local_file(int, struct stat *);
 int stat_info_ok(struct stat *, struct stat *);
 int link_nofollow(int);
 int link_nofollow(int);
+int opentmp(char *, size_t);
 
 /*************************************
  ***    M A I N   R O U T I N E    ***
@@ -1319,8 +1320,8 @@ sendone(t, v)
 	TREE *t;
 	void *v;
 {
-	int x, fd;
-	char temp_file[STRINGLENGTH];
+	int x, fd, ifd;
+	char temp_file[MAXPATHLEN];
 	char *av[50];	/* More than enough */
 
 	if ((t->Tflags&FNEEDED) == 0)	/* only send needed files */
@@ -1336,9 +1337,12 @@ sendone(t, v)
 		if (!listonly && (t->Tflags&FUPDATE) == 0) {
 #ifdef RCS
                         if (dorcs) {
-                                char rcs_release[STRINGLENGTH];
+                                char rcs_release[MAXPATHLEN];
 
-				tmpnam(rcs_file);
+				fd = opentmp(rcs_file, sizeof(rcs_file));
+				if (fd < 0)
+					goaway ("We died trying to create temp file");
+				close(fd);
                                 if (strcmp(&t->Tname[strlen(t->Tname)-2], ",v") == 0) {
                                         t->Tname[strlen(t->Tname)-2] = '\0';
 					ac = 0;
@@ -1385,19 +1389,26 @@ sendone(t, v)
                                                         t->Tflags |= FUPDATE;
                                                 }
                                         } else if (docompress) {
-                                                tmpnam(temp_file);
+                                                fd = opentmp(temp_file, sizeof(temp_file));
+						if (fd < 0)
+							goaway ("We died trying to create temp file");
+						ifd = open(rcs_file, O_RDONLY, 0);
+						if (ifd < 0)
+							goaway ("We died trying to open %s", rcs_file);
 						av[0] = "gzip";
 						av[1] = "-cf";
 						av[2] = NULL;
-						if (runio(av, rcs_file,
-						    temp_file, NULL) != 0) {
+						if (runiofd(av, ifd, fd, 2) != 0) {
+							close(fd);
+							close(ifd);
                                                         /* Just in case */
                                                         unlink(temp_file);
                                                         unlink(rcs_file);
                                                         goaway("We died trying to gzip %s", rcs_file);
                                                         t->Tmode = 0;
                                                 }
-                                                fd = open(temp_file,O_RDONLY,0);
+						lseek(fd, (off_t)0, SEEK_SET);
+						close(ifd);
                                         } else
                                                 fd = open (rcs_file,O_RDONLY,0);
                                 }
@@ -1405,17 +1416,25 @@ sendone(t, v)
 #endif
                         if (fd == -1) {
                                 if (docompress) {
-                                        tmpnam(temp_file);
+					fd = opentmp(temp_file, sizeof(temp_file));
+					if (fd < 0)
+						goaway ("We died trying to create temp file");
+					ifd = open(t->Tname, O_RDONLY, 0);
+					if (ifd < 0)
+						goaway ("We died trying to open %s", t->Tname);
 					av[0] = "gzip";
 					av[1] = "-cf";
 					av[2] = NULL;
-					if (runio(av, t->Tname, temp_file, NULL) != 0) {
+					if (runiofd(av, ifd, fd, 2) != 0) {
+						close(fd);
+						close(ifd);
                                                 /* Just in case */
                                                 unlink(temp_file);
                                                 goaway("We died trying to run gzip %s", t->Tname);
                                                 t->Tmode = 0;
                                         }
-                                        fd = open(temp_file, O_RDONLY, 0);
+					lseek(fd, (off_t)0, SEEK_SET);
+					close(ifd);
                                 } else
                                         fd = open(t->Tname, O_RDONLY, 0);
                         }
@@ -2105,3 +2124,19 @@ link_nofollow(on)
 	return(0);
 }
 #endif	/* MACH */
+
+int
+opentmp(path, psize)
+	char *path;
+	size_t psize;
+{
+	char *tdir;
+
+	if ((tdir = getenv("TMPDIR")) == NULL || *tdir == '\0')
+		tdir = "/tmp";
+	if (snprintf(path, psize, "%s/supfilesrv.XXXXXXXXXX", tdir) >= psize) {
+		errno = ENAMETOOLONG;
+		return (-1);
+	}
+	return (mkstemp(path));
+}