diff options
| author | Rich Felker <dalias@aerifal.cx> | 2011-02-18 17:04:56 -0500 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2011-02-18 17:04:56 -0500 |
| commit | 446b4207cc7a30d8a4d5b2445a5a1b27d440f55d (patch) | |
| tree | 3bc2e2969267d28e3c5b841c25e025afbb1623d4 /src/temp/mkstemp.c | |
| parent | 3e9e30166f22f8fb0d5664500bb52a00d1a3c6a3 (diff) | |
| download | musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.tar.gz musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.tar.xz musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.zip | |
major improvements to temp file name generator
use current time in nanoseconds and some potentially-random (if aslr is enabled) pointer values for the initial tempfile name generation, and step via a cheap linear prng on collisions. limit the number of retry attempts to prevent denial of service attacks even if an attacker can guess the filenames.
Diffstat (limited to 'src/temp/mkstemp.c')
| -rw-r--r-- | src/temp/mkstemp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/temp/mkstemp.c b/src/temp/mkstemp.c index 34642569..2ab3020b 100644 --- a/src/temp/mkstemp.c +++ b/src/temp/mkstemp.c @@ -11,8 +11,8 @@ char *__mktemp(char *); int mkstemp(char *template) { - int fd; - for (;;) { + int fd, retries = 100; + while (retries--) { if (!__mktemp(template)) return 0; if ((fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600))>=0) return fd; @@ -21,6 +21,7 @@ int mkstemp(char *template) * that we have a valid template string */ strcpy(template+strlen(template)-6, "XXXXXX"); } + return -1; } LFS64(mkstemp); |