about summary refs log tree commit diff
path: root/posix/annexc.c
diff options
context:
space:
mode:
authorJoseph Myers <joseph@codesourcery.com>2018-07-18 21:04:12 +0000
committerJoseph Myers <joseph@codesourcery.com>2018-07-18 21:04:12 +0000
commit5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad (patch)
tree67ea596cd3c6810bb13df1fb6a1e0d2ae29f7120 /posix/annexc.c
parent6d90776dff7e70e08fa46f9cd7576dd0eeb06da2 (diff)
downloadglibc-5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad.tar.gz
glibc-5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad.tar.xz
glibc-5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad.zip
Avoid insecure usage of tmpnam in tests.
Various glibc testcases use tmpnam in ways subject to race conditions
(generate a temporary file name, then later open that file without
O_EXCL).

This patch fixes those tests to use mkstemp - generally a minimal
local fix to use mkstemp instead of tmpnam, rather than a larger fix
to use other testsuite infrastructure for temporary files.  The
unchanged use of tmpnam in posix/wordexp-test.c would fail safe in the
event of a race (it's generating a name for use with mkdir rather than
for a file to be opened for writing).

Tested for x86_64.

	* grp/tst_fgetgrent.c: Include <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* io/test-utime.c (main): Likewise.
	* posix/annexc.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
	* posix/bug-getopt1.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt2.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt3.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt4.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt5.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* stdio-common/bug7.c: Include <stdlib.h> and <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-fdopen.c: Include <stdlib.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-ungetc.c: Include <stdlib.h>.
	(main): use mkstemp instead of tmpnam.
	* stdlib/isomac.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
Diffstat (limited to 'posix/annexc.c')
-rw-r--r--posix/annexc.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/posix/annexc.c b/posix/annexc.c
index fe3a600ed7..66768dbe2a 100644
--- a/posix/annexc.c
+++ b/posix/annexc.c
@@ -26,7 +26,7 @@
 
 #define HEADER_MAX          256
 
-static const char *macrofile;
+static char macrofile[] = "/tmp/annexc.XXXXXX";
 
 /* <aio.h>.  */
 static const char *const aio_syms[] =
@@ -657,6 +657,8 @@ main (int argc, char *argv[])
   for (h = 0; h < NUMBER_OF_HEADERS; ++h)
     result |= check_header (&headers[h], ignore_list);
 
+  remove (macrofile);
+
   /* The test suite should return errors but for now this is not
      practical.  Give a warning and ask the user to correct the bugs.  */
   return result;
@@ -712,7 +714,13 @@ get_null_defines (void)
   FILE *input;
   int first = 1;
 
-  macrofile = tmpnam (NULL);
+  int fd = mkstemp (macrofile);
+  if (fd == -1)
+    {
+      printf ("mkstemp failed: %m\n");
+      exit (1);
+    }
+  close (fd);
 
   command = malloc (sizeof fmt + sizeof "/dev/null" + 2 * strlen (CC)
 		    + strlen (INC) + strlen (macrofile));
@@ -784,7 +792,6 @@ get_null_defines (void)
     }
   result[result_len] = NULL;
   fclose (input);
-  remove (macrofile);
 
   return (const char **) result;
 }
@@ -879,7 +886,6 @@ check_header (const struct header *header, const char **except)
       result |= 1;
     }
   fclose (input);
-  remove (macrofile);
 
   for (i = 0; i < header->nsyms; ++i)
     if (found[i] == 0)