| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
per the text accepted for inclusion in POSIX, behavior is unspecified
when any of the access mode bits are set. since it's impossible to
consistently report this usage error (O_RDONLY could not be detected
since its value happens to be zero), the most consistent way to handle
them is just to ignore them.
previously, if a caller erroneously passed O_WRONLY, the resulting
access mode would be O_WRONLY|O_RDWR, which has the value 3, and this
resulted in a file descriptor which rejects both read and write
attempts when it is subsequently used.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
the access function cannot be used to check for existence, because it
operates using real uid/gid rather than effective to determine
accessibility; this matters for the non-final path components.
instead, use stat. failure of stat is success if only the final
component is missing (ENOENT) and otherwise is failure.
|
| |
|
|
|
|
|
|
| |
also refactor mkdtemp based on new shared temp code, removing
dependency on the deprecated mktemp, whose behavior made this logic
more difficult.
|
| |
|
|
|
|
|
|
| |
1. wrong return value and missing errno for negative suffix len
2. failure to catch suffix len > strlen
3. remove unwanted clearing of input string in invalid case
|
| |
|
|
|
|
|
|
|
|
|
| |
based on patch contributed by Anthony G. Basile (blueness)
some issues remain with the filename generation algorithm and other
small bugs, but this patch has been sitting around long enough that I
feel it's best to get it committed and then work out any remaining
issues.
|
| |
|
|
|
|
|
| |
this helps some tiny programs be even more tiny, and barly increases
code size even if both are used.
|
| |
|
|
|
|
|
|
| |
the historic mktemp is supposed to blank the template string on
failure, rather than returning 0. just zero the first character so
that mkstemp and mkdtemp can still retry with O(1) space requirement.
|
| |
|
|
|
|
|
|
|
|
| |
use current time in nanoseconds and some potentially-random (if aslr
is enabled) pointer values for the initial tempfile name generation,
and step via a cheap linear prng on collisions. limit the number of
retry attempts to prevent denial of service attacks even if an
attacker can guess the filenames.
|
|
|
|
|
| |
this is cleaner and makes it easy to impose a limit on the number of
retries later if it seems desirable to do so.
|
| |
|
| |
|
|
|