From b1592ff2dddd17c70627b1b9b7959b5f486fc6f2 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 19 Jan 2024 19:45:03 +0000 Subject: Make our mktemp(3) callback-driven and split into multiple files. Previously, calling any of the mktemp(3) family would pull in lstat(2), open(2) and mkdir(2). Now, only the necessary system calls will be reachable from the binary. OK deraadt@ guenther@ --- lib/libc/stdlib/Makefile.inc | 8 +-- lib/libc/stdlib/__mktemp4.c | 83 ++++++++++++++++++++++++++ lib/libc/stdlib/mkdtemp.c | 33 +++++++++++ lib/libc/stdlib/mkstemp.c | 64 ++++++++++++++++++++ lib/libc/stdlib/mktemp.c | 137 ++++--------------------------------------- 5 files changed, 195 insertions(+), 130 deletions(-) create mode 100644 lib/libc/stdlib/__mktemp4.c create mode 100644 lib/libc/stdlib/mkdtemp.c create mode 100644 lib/libc/stdlib/mkstemp.c (limited to 'lib/libc/stdlib') diff --git a/lib/libc/stdlib/Makefile.inc b/lib/libc/stdlib/Makefile.inc index fa4836f42bb..f5e9a9fe4ee 100644 --- a/lib/libc/stdlib/Makefile.inc +++ b/lib/libc/stdlib/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.65 2024/01/19 16:30:28 millert Exp $ +# $OpenBSD: Makefile.inc,v 1.66 2024/01/19 19:45:02 millert Exp $ # stdlib sources .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/stdlib ${LIBCSRCDIR}/stdlib @@ -6,9 +6,9 @@ SRCS+= a64l.c abort.c atexit.c atoi.c atof.c atol.c atoll.c bsearch.c \ exit.c ecvt.c gcvt.c getenv.c getopt_long.c \ getsubopt.c hcreate.c heapsort.c imaxabs.c imaxdiv.c insque.c \ - l64a.c llabs.c lldiv.c lsearch.c malloc.c mktemp.c reallocarray.c \ - merge.c posix_pty.c qsort.c radixsort.c rand.c random.c \ - realpath.c remque.c setenv.c strtoimax.c \ + l64a.c llabs.c lldiv.c lsearch.c malloc.c __mktemp4.c mkdtemp.c \ + mkstemp.c mktemp.c reallocarray.c merge.c posix_pty.c qsort.c \ + radixsort.c rand.c random.c realpath.c remque.c setenv.c strtoimax.c \ strtol.c strtoll.c strtonum.c strtoul.c strtoull.c strtoumax.c \ system.c \ tfind.c thread_atexit.c tsearch.c \ diff --git a/lib/libc/stdlib/__mktemp4.c b/lib/libc/stdlib/__mktemp4.c new file mode 100644 index 00000000000..4b4500018b8 --- /dev/null +++ b/lib/libc/stdlib/__mktemp4.c @@ -0,0 +1,83 @@ +/* $OpenBSD: __mktemp4.c,v 1.1 2024/01/19 19:45:02 millert Exp $ */ +/* + * Copyright (c) 1996-1998, 2008 Theo de Raadt + * Copyright (c) 1997, 2008-2009, 2024 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +#define NUM_CHARS (sizeof(TEMPCHARS) - 1) +#define MIN_X 6 + +#ifndef nitems +#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) +#endif + +/* + * Internal driver for the mktemp(3) family of functions. + * The supplied callback does the actual work of testing or + * creating the file/directory. + */ +int +__mktemp4(char *path, int slen, int flags, int (*cb)(const char *, int)) +{ + char *start, *cp, *ep; + const char tempchars[] = TEMPCHARS; + unsigned int tries; + size_t len; + int ret; + + len = strlen(path); + if (len < MIN_X || slen < 0 || (size_t)slen > len - MIN_X) { + errno = EINVAL; + return -1; + } + ep = path + len - slen; + + for (start = ep; start > path && start[-1] == 'X'; start--) + ; + if (ep - start < MIN_X) { + errno = EINVAL; + return -1; + } + + tries = INT_MAX; + do { + cp = start; + do { + unsigned short rbuf[16]; + unsigned int i; + + /* + * Avoid lots of arc4random() calls by using + * a buffer sized for up to 16 Xs at a time. + */ + arc4random_buf(rbuf, sizeof(rbuf)); + for (i = 0; i < nitems(rbuf) && cp != ep; i++) + *cp++ = tempchars[rbuf[i] % NUM_CHARS]; + } while (cp != ep); + + ret = cb(path, flags); + if (ret != -1 || errno != EEXIST) + return ret; + } while (--tries); + + errno = EEXIST; + return -1; +} diff --git a/lib/libc/stdlib/mkdtemp.c b/lib/libc/stdlib/mkdtemp.c new file mode 100644 index 00000000000..c33c3b4e8bb --- /dev/null +++ b/lib/libc/stdlib/mkdtemp.c @@ -0,0 +1,33 @@ +/* $OpenBSD: mkdtemp.c,v 1.1 2024/01/19 19:45:02 millert Exp $ */ +/* + * Copyright (c) 2024 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +static int +mkdtemp_cb(const char *path, int flags) +{ + return mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR); +} + +char * +mkdtemp(char *path) +{ + if (__mktemp4(path, 0, 0, mkdtemp_cb) == 0) + return path; + return NULL; +} diff --git a/lib/libc/stdlib/mkstemp.c b/lib/libc/stdlib/mkstemp.c new file mode 100644 index 00000000000..75a9d27d1a5 --- /dev/null +++ b/lib/libc/stdlib/mkstemp.c @@ -0,0 +1,64 @@ +/* $OpenBSD: mkstemp.c,v 1.1 2024/01/19 19:45:02 millert Exp $ */ +/* + * Copyright (c) 2024 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +#define MKOSTEMP_FLAGS (O_APPEND | O_CLOEXEC | O_DSYNC | O_RSYNC | O_SYNC) + +static int +mkstemp_cb(const char *path, int flags) +{ + flags |= O_CREAT | O_EXCL | O_RDWR; + return open(path, flags, S_IRUSR|S_IWUSR); +} + +int +mkostemps(char *path, int slen, int flags) +{ + if (flags & ~MKOSTEMP_FLAGS) { + errno = EINVAL; + return -1; + } + return __mktemp4(path, slen, flags, mkstemp_cb); +} + +int +mkostemp(char *path, int flags) +{ + if (flags & ~MKOSTEMP_FLAGS) { + errno = EINVAL; + return -1; + } + return __mktemp4(path, 0, flags, mkstemp_cb); +} +DEF_WEAK(mkostemp); + +int +mkstemp(char *path) +{ + return __mktemp4(path, 0, 0, mkstemp_cb); +} +DEF_WEAK(mkstemp); + +int +mkstemps(char *path, int slen) +{ + return __mktemp4(path, slen, 0, mkstemp_cb); +} diff --git a/lib/libc/stdlib/mktemp.c b/lib/libc/stdlib/mktemp.c index 3b8bba78463..4dc06f74d16 100644 --- a/lib/libc/stdlib/mktemp.c +++ b/lib/libc/stdlib/mktemp.c @@ -1,7 +1,6 @@ -/* $OpenBSD: mktemp.c,v 1.1 2024/01/19 16:30:28 millert Exp $ */ +/* $OpenBSD: mktemp.c,v 1.2 2024/01/19 19:45:02 millert Exp $ */ /* - * Copyright (c) 1996-1998, 2008 Theo de Raadt - * Copyright (c) 1997, 2008-2009 Todd C. Miller + * Copyright (c) 2024 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,106 +15,27 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include #include #include -#include -#include -#include #include -#include -#include -#include - -#define MKTEMP_NAME 0 -#define MKTEMP_FILE 1 -#define MKTEMP_DIR 2 - -#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" -#define NUM_CHARS (sizeof(TEMPCHARS) - 1) -#define MIN_X 6 - -#define MKOTEMP_FLAGS (O_APPEND | O_CLOEXEC | O_DSYNC | O_RSYNC | O_SYNC) - -#ifndef nitems -#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) -#endif static int -mktemp_internal(char *path, int slen, int mode, int flags) +mktemp_cb(const char *path, int flags) { - char *start, *cp, *ep; - const char tempchars[] = TEMPCHARS; - unsigned int tries; struct stat sb; - size_t len; - int fd; - - len = strlen(path); - if (len < MIN_X || slen < 0 || (size_t)slen > len - MIN_X) { - errno = EINVAL; - return(-1); - } - ep = path + len - slen; - - for (start = ep; start > path && start[-1] == 'X'; start--) - ; - if (ep - start < MIN_X) { - errno = EINVAL; - return(-1); - } - - if (flags & ~MKOTEMP_FLAGS) { - errno = EINVAL; - return(-1); - } - flags |= O_CREAT | O_EXCL | O_RDWR; - tries = INT_MAX; - do { - cp = start; - do { - unsigned short rbuf[16]; - unsigned int i; - - /* - * Avoid lots of arc4random() calls by using - * a buffer sized for up to 16 Xs at a time. - */ - arc4random_buf(rbuf, sizeof(rbuf)); - for (i = 0; i < nitems(rbuf) && cp != ep; i++) - *cp++ = tempchars[rbuf[i] % NUM_CHARS]; - } while (cp != ep); - - switch (mode) { - case MKTEMP_NAME: - if (lstat(path, &sb) != 0) - return(errno == ENOENT ? 0 : -1); - break; - case MKTEMP_FILE: - fd = open(path, flags, S_IRUSR|S_IWUSR); - if (fd != -1 || errno != EEXIST) - return(fd); - break; - case MKTEMP_DIR: - if (mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR) == 0) - return(0); - if (errno != EEXIST) - return(-1); - break; - } - } while (--tries); - - errno = EEXIST; - return(-1); + if (lstat(path, &sb) == 0) + errno = EEXIST; + return (errno == ENOENT ? 0 : -1); } +/* Also called via tmpnam(3) and tempnam(3). */ char * _mktemp(char *path) { - if (mktemp_internal(path, 0, MKTEMP_NAME, 0) == -1) - return(NULL); - return(path); + if (__mktemp4(path, 0, 0, mktemp_cb) == 0) + return path; + return NULL; } __warn_references(mktemp, @@ -124,40 +44,5 @@ __warn_references(mktemp, char * mktemp(char *path) { - return(_mktemp(path)); -} - -int -mkostemps(char *path, int slen, int flags) -{ - return(mktemp_internal(path, slen, MKTEMP_FILE, flags)); -} - -int -mkstemp(char *path) -{ - return(mktemp_internal(path, 0, MKTEMP_FILE, 0)); -} -DEF_WEAK(mkstemp); - -int -mkostemp(char *path, int flags) -{ - return(mktemp_internal(path, 0, MKTEMP_FILE, flags)); -} -DEF_WEAK(mkostemp); - -int -mkstemps(char *path, int slen) -{ - return(mktemp_internal(path, slen, MKTEMP_FILE, 0)); -} - -char * -mkdtemp(char *path) -{ - int error; - - error = mktemp_internal(path, 0, MKTEMP_DIR, 0); - return(error ? NULL : path); + return _mktemp(path); } -- cgit v1.2.3