From 686d5420253bd76b1b7458f91d6ef9fc1a12b229 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue, 10 Oct 2023 16:22:39 -0300
Subject: posix: Sync tempname with gnulib

The gnulib version contains an important change (9ce573cde), which
fixes some problems with multithreading, entropy loss, and ASLR leak
nfo.  It also fixes an issue where getrandom is not being used
on some new files generation (only for __GT_NOCREATE on first try).

The 044bf893ac removed __path_search, which is now moved to another
gnulib shared files (stdio-common/tmpdir.{c,h}).  Tthis patch
also fixes direxists to use __stat64_time64 instead of __xstat64,
and move the include of pathmax.h for !_LIBC (since it is not used
by glibc).  The license is also changed from GPL 3.0 to 2.1, with
permission from the authors (Bruno Haible and Paul Eggert).

The sync also removed the clock fallback, since clock_gettime
with CLOCK_REALTIME is expected to always succeed.

It syncs with gnulib commit 323834962817af7b115187e8c9a833437f8d20ec.

Checked on x86_64-linux-gnu.

Co-authored-by: Bruno Haible <bruno@clisp.org>
Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
Reviewed-by: Bruno Haible <bruno@clisp.org>
---
 stdio-common/Makefile   |   1 +
 stdio-common/tempnam.c  |   1 +
 stdio-common/tempname.c |  12 ----
 stdio-common/tmpdir.c   | 163 ++++++++++++++++++++++++++++++++++++++++++++++++
 stdio-common/tmpdir.h   |  28 +++++++++
 stdio-common/tmpfile.c  |   1 +
 stdio-common/tmpnam.c   |   1 +
 stdio-common/tmpnam_r.c |   1 +
 8 files changed, 196 insertions(+), 12 deletions(-)
 create mode 100644 stdio-common/tmpdir.c
 create mode 100644 stdio-common/tmpdir.h

(limited to 'stdio-common')

diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 6447b6b444..6bc972af1a 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -92,6 +92,7 @@ routines := \
   sscanf \
   tempnam \
   tempname \
+  tmpdir \
   tmpfile \
   tmpfile64 \
   tmpnam \
diff --git a/stdio-common/tempnam.c b/stdio-common/tempnam.c
index 0f8eaf3535..9e62442451 100644
--- a/stdio-common/tempnam.c
+++ b/stdio-common/tempnam.c
@@ -17,6 +17,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include "tmpdir.h"
 
 /* Generate a unique temporary filename using up to five characters of
    PFX if it is not NULL.  The directory to put this file in is
diff --git a/stdio-common/tempname.c b/stdio-common/tempname.c
index d88f1c3946..77e695ca5f 100644
--- a/stdio-common/tempname.c
+++ b/stdio-common/tempname.c
@@ -20,18 +20,6 @@
 #include <stdio.h>
 #include <errno.h>
 
-/* Perform the "SVID path search malarkey" on DIR and PFX.  Write a
-   template suitable for use in __gen_tempname into TMPL, bounded
-   by TMPL_LEN. */
-int
-__path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
-	       int try_tmpdir)
-{
-  __set_errno (ENOSYS);
-  return -1;
-}
-stub_warning (__path_search)
-
 /* Generate a (hopefully) unique temporary filename
    in DIR (if applicable), using template TMPL.
    KIND determines what to do with that name.  It may be one of:
diff --git a/stdio-common/tmpdir.c b/stdio-common/tmpdir.c
new file mode 100644
index 0000000000..f189e85778
--- /dev/null
+++ b/stdio-common/tmpdir.c
@@ -0,0 +1,163 @@
+/* Copyright (C) 1999, 2001-2002, 2006, 2009-2024 Free Software Foundation,
+   Inc.
+   This file is part of the GNU C Library.
+
+   This file is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation, either version 2.1 of the
+   License, or (at your option) any later version.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+/* Extracted from sysdeps/posix/tempname.c.  */
+
+#include <config.h>
+
+/* Specification.  */
+#include "tmpdir.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <errno.h>
+#ifndef __set_errno
+# define __set_errno(Val) errno = (Val)
+#endif
+
+#include <stdio.h>
+#ifndef P_tmpdir
+# ifdef _P_tmpdir /* native Windows */
+#  define P_tmpdir _P_tmpdir
+# else
+#  define P_tmpdir "/tmp"
+# endif
+#endif
+
+#include <sys/stat.h>
+
+#if defined _WIN32 && ! defined __CYGWIN__
+# define WIN32_LEAN_AND_MEAN  /* avoid including junk */
+# include <windows.h>
+#endif
+
+#if defined _WIN32 && ! defined __CYGWIN__
+/* Don't assume that UNICODE is not defined.  */
+# undef GetTempPath
+# define GetTempPath GetTempPathA
+#endif
+
+#if _LIBC
+# define struct_stat64 struct __stat64_t64
+#else
+# include "pathmax.h"
+# define struct_stat64 struct stat
+# define __libc_secure_getenv secure_getenv
+# define __stat64_time64(path, buf) stat (path, buf)
+#endif
+
+/* Pathname support.
+   ISSLASH(C)           tests whether C is a directory separator character.
+ */
+#if defined _WIN32 || defined __CYGWIN__ || defined __EMX__ || defined __DJGPP__
+  /* Native Windows, Cygwin, OS/2, DOS */
+# define ISSLASH(C) ((C) == '/' || (C) == '\\')
+#else
+  /* Unix */
+# define ISSLASH(C) ((C) == '/')
+#endif
+
+
+/* Return nonzero if DIR is an existent directory.  */
+static bool
+direxists (const char *dir)
+{
+  struct_stat64 buf;
+  return __stat64_time64 (dir, &buf) == 0 && S_ISDIR (buf.st_mode);
+}
+
+/* Path search algorithm, for tmpnam, tmpfile, etc.  If DIR is
+   non-null and exists, uses it; otherwise uses the first of $TMPDIR,
+   P_tmpdir, /tmp that exists.  Copies into TMPL a template suitable
+   for use with mk[s]temp.  Will fail (-1) if DIR is non-null and
+   doesn't exist, none of the searched dirs exists, or there's not
+   enough space in TMPL. */
+int
+__path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
+	       bool try_tmpdir)
+{
+  const char *d;
+  size_t dlen, plen;
+  bool add_slash;
+
+  if (!pfx || !pfx[0])
+    {
+      pfx = "file";
+      plen = 4;
+    }
+  else
+    {
+      plen = strlen (pfx);
+      if (plen > 5)
+        plen = 5;
+    }
+
+  if (try_tmpdir)
+    {
+      d = __libc_secure_getenv ("TMPDIR");
+      if (d != NULL && direxists (d))
+        dir = d;
+      else if (dir != NULL && direxists (dir))
+        /* nothing */ ;
+      else
+        dir = NULL;
+    }
+  if (dir == NULL)
+    {
+#if defined _WIN32 && ! defined __CYGWIN__
+      char dirbuf[PATH_MAX];
+      DWORD retval;
+
+      /* Find Windows temporary file directory.
+         We try this before P_tmpdir because Windows defines P_tmpdir to "\\"
+         and will therefore try to put all temporary files in the root
+         directory (unless $TMPDIR is set).  */
+      retval = GetTempPath (PATH_MAX, dirbuf);
+      if (retval > 0 && retval < PATH_MAX && direxists (dirbuf))
+        dir = dirbuf;
+      else
+#endif
+      if (direxists (P_tmpdir))
+        dir = P_tmpdir;
+      else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp"))
+        dir = "/tmp";
+      else
+        {
+          __set_errno (ENOENT);
+          return -1;
+        }
+    }
+
+  dlen = strlen (dir);
+#ifdef __VMS
+  add_slash = 0;
+#else
+  add_slash = dlen != 0 && !ISSLASH (dir[dlen - 1]);
+#endif
+
+  /* check we have room for "${dir}/${pfx}XXXXXX\0" */
+  if (tmpl_len < dlen + add_slash + plen + 6 + 1)
+    {
+      __set_errno (EINVAL);
+      return -1;
+    }
+
+  memcpy (tmpl, dir, dlen);
+  sprintf (tmpl + dlen, &"/%.*sXXXXXX"[!add_slash], (int) plen, pfx);
+  return 0;
+}
diff --git a/stdio-common/tmpdir.h b/stdio-common/tmpdir.h
new file mode 100644
index 0000000000..e187a31d65
--- /dev/null
+++ b/stdio-common/tmpdir.h
@@ -0,0 +1,28 @@
+/* Determine a temporary directory.
+   Copyright (C) 2001-2002, 2009-2024 Free Software Foundation, Inc.
+
+   This file is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation, either version 2.1 of the
+   License, or (at your option) any later version.
+
+   This file is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+#include <stdbool.h>
+#include <stddef.h>
+
+/* Path search algorithm, for tmpnam, tmpfile, etc.  If DIR is
+   non-null and exists, uses it; otherwise uses the first of $TMPDIR,
+   P_tmpdir, /tmp that exists.  Copies into TMPL a template suitable
+   for use with mk[s]temp.  Will fail (-1) if DIR is non-null and
+   doesn't exist, none of the searched dirs exists, or there's not
+   enough space in TMPL. */
+extern int __path_search (char *tmpl, size_t tmpl_len, const char *dir,
+			  const char *pfx, bool try_tmpdir)
+     attribute_hidden;
diff --git a/stdio-common/tmpfile.c b/stdio-common/tmpfile.c
index 9c49483fca..08cf9284bb 100644
--- a/stdio-common/tmpfile.c
+++ b/stdio-common/tmpfile.c
@@ -19,6 +19,7 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>
+#include "tmpdir.h"
 
 #include <iolibio.h>
 #define __fdopen _IO_fdopen
diff --git a/stdio-common/tmpnam.c b/stdio-common/tmpnam.c
index b02ad952e9..1cff363718 100644
--- a/stdio-common/tmpnam.c
+++ b/stdio-common/tmpnam.c
@@ -17,6 +17,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include "tmpdir.h"
 
 static char tmpnam_buffer[L_tmpnam];
 
diff --git a/stdio-common/tmpnam_r.c b/stdio-common/tmpnam_r.c
index 2a3598af36..38f9bace9b 100644
--- a/stdio-common/tmpnam_r.c
+++ b/stdio-common/tmpnam_r.c
@@ -16,6 +16,7 @@
    <https://www.gnu.org/licenses/>.  */
 
 #include <stdio.h>
+#include "tmpdir.h"
 
 /* Generate a unique filename in P_tmpdir.  If S is NULL return NULL.
    This makes this function thread safe.  */
-- 
cgit 1.4.1