Date: Tue, 22 Feb 2000 22:53:24 -0800 (PST) From: spock@techfour.net To: freebsd-gnats-submit@FreeBSD.org Subject: bin/16929: [PATCH] prevent possible race condition in sort Message-ID: <200002230653.WAA66054@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 16929 >Category: bin >Synopsis: [PATCH] prevent possible race condition in sort >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Feb 22 23:00:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Mike Heffner >Release: 4.0-current >Organization: >Environment: FreeBSD 4.0-CURRENT #0: Sat Feb 19 20:05:45 EST 2000 >Description: sort can create the following predictable tempfiles: /tmp/sort{pid}{seq} >How-To-Repeat: run sort >Fix: Since sort can create many tempfiles, we should leave it's current naming scheme alone, rather create a secure dir in TMP with mkdtemp(3), and let sort dumps it's file in there. Apply the following patch, sorry there might be whitespace bugs =( Index: gnu/usr.bin/sort/sort.c =================================================================== RCS file: /home/ncvs/src/gnu/usr.bin/sort/sort.c,v retrieving revision 1.15 diff -u -r1.15 sort.c --- sort.c 1999/04/25 22:14:05 1.15 +++ sort.c 2000/02/23 06:45:13 @@ -171,6 +171,8 @@ /* Prefix for temporary file names. */ static char *temp_file_prefix; +/* Temporary dir for temp files, *with* above prefix */ +static char *temp_dir = NULL; /* Flag to reverse the order of all comparisons. */ static int reverse; @@ -288,6 +290,9 @@ for (node = temphead.next; node; node = node->next) unlink (node->name); + if( temp_dir ) + rmdir(temp_dir); + } /* Allocate N bytes of memory dynamically, with error checking. */ @@ -413,6 +418,7 @@ } } +#define DIR_TEMPLATE "sortXXXXXXXXXX" /* Return a name for a temporary file. */ static char * @@ -420,15 +426,29 @@ { static unsigned int seq; int len = strlen (temp_file_prefix); - char *name = xmalloc (len + 1 + sizeof ("sort") - 1 + 5 + 5 + 1); + char *name=xmalloc(len + 1 + sizeof(DIR_TEMPLATE)-1 + 1 + sizeof("sort")-1 + 5 + 5 + 1); struct tempnode *node; node = (struct tempnode *) xmalloc (sizeof (struct tempnode)); + if( !temp_dir ) + { + temp_dir = xmalloc( len + 1 + sizeof(DIR_TEMPLATE) ); + sprintf(temp_dir, + "%s%s%s", + temp_file_prefix, + (len && temp_file_prefix[len - 1] != '/') ? "/" : "", + DIR_TEMPLATE); + if( mkdtemp(temp_dir) == NULL ) + { + error(0, errno, _("can't make temp dir")); + exit(2); + } + } + sprintf (name, - "%s%ssort%5.5d%5.5d", - temp_file_prefix, - (len && temp_file_prefix[len - 1] != '/') ? "/" : "", - (unsigned int) getpid () & 0xffff, seq); + "%s/sort%5.5d%5.5d", + temp_dir, + (unsigned int) getpid () & 0xffff, seq); /* Make sure that SEQ's value fits in 5 digits. */ ++seq; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002230653.WAA66054>