author | Rich Felker <dalias@aerifal.cx> | 2011-02-18 17:04:56 -0500 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2011-02-18 17:04:56 -0500 |
commit | 446b4207cc7a30d8a4d5b2445a5a1b27d440f55d (patch) | |
tree | 3bc2e2969267d28e3c5b841c25e025afbb1623d4 /src/temp/mkdtemp.c | |
parent | 3e9e30166f22f8fb0d5664500bb52a00d1a3c6a3 (diff) | |
major improvements to temp file name generator
use current time in nanoseconds and some potentially-random (if aslr is enabled) pointer values for the initial tempfile name generation, and step via a cheap linear prng on collisions. limit the number of retry attempts to prevent denial of service attacks even if an attacker can guess the filenames.
Diffstat (limited to 'src/temp/mkdtemp.c')
-rw-r--r-- | src/temp/mkdtemp.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/temp/mkdtemp.c b/src/temp/mkdtemp.c
index 162d98b0..f2ecc510 100644
--- a/src/temp/mkdtemp.c
+++ b/src/temp/mkdtemp.c
@@ -12,7 +12,8 @@ char *__mktemp(char *);
 
 char *mkdtemp(char *template)
 {
- for (;;) {
+ int retries = 100;
+ while (retries--) {
 if (!__mktemp(template)) return 0;
 if (!mkdir(template, 0700)) return template;
 if (errno != EEXIST) return 0;
@@ -20,4 +21,5 @@ char *mkdtemp(char *template)
 * that we have a valid template string */
 strcpy(template+strlen(template)-6, "XXXXXX");
 }
+ return 0;
 }
|
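Review bot: The retry bound `int retries = 100;` in the first hunk is a bare literal, and nothing in the code says why it exists or what the caller sees when it runs out. Because the loop only repeats when `mkdir` fails with `EEXIST`, the `return 0;` added in the second hunk is reached with errno still `EEXIST` and the template already reset to `XXXXXX`; that contract deserves a comment above the loop, e.g. `/* cap retries so pre-created names cannot stall the caller; on exhaustion returns 0 with errno == EEXIST */`. The protection against a guessed name comes from `mkdir(template, 0700)` failing on any existing entry, not from the name generator, so callers have to treat a null return as a hard failure rather than fall back to a fixed path. `__mktemp` is defined outside this diff, so whether it has a retry loop of its own that multiplies the bound cannot be seen from here.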