Date: Sat, 4 Nov 2000 14:52:47 -0800 From: Kris Kennaway <kris@citusc.usc.edu> To: audit@freebsd.org Subject: mktemp() patch, again Message-ID: <20001104145247.A9161@citusc17.usc.edu>
next in thread | raw e-mail | index | archive | help
--PNTmBPCT7hxwcZjr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Based on the feedback from last time when I tried to get this into
-current, here is an updated version of the mktemp() patch. Please
review, etc.
I removed the comment about the directory scanning taking a very long
time - I couldn't see the situation in which this would occur,
although I could be wrong.
Kris
Index: stdio/mktemp.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/lib/libc/stdio/mktemp.c,v
retrieving revision 1.19
diff -u -r1.19 mktemp.c
--- stdio/mktemp.c 2000/01/27 23:06:46 1.19
+++ stdio/mktemp.c 2000/11/04 22:48:17
@@ -45,6 +45,7 @@
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <ctype.h>
#include <unistd.h>
=20
@@ -52,6 +53,9 @@
=20
static int _gettemp __P((char *, int *, int, int));
=20
+static const unsigned char padchar[] =3D
+"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
int
mkstemps(path, slen)
char *path;
@@ -103,8 +107,10 @@
int slen;
{
register char *start, *trv, *suffp;
+ char *pad;
struct stat sbuf;
- int pid, rval;
+ int rval;
+ uint32_t pid;
=20
if (doopen && domkdir) {
errno =3D EINVAL;
@@ -120,26 +126,16 @@
errno =3D EINVAL;
return (0);
}
- pid =3D getpid();
- while (*trv =3D=3D 'X' && pid !=3D 0) {
- *trv-- =3D (pid % 10) + '0';
- pid /=3D 10;
- }
- while (*trv =3D=3D 'X') {
- char c;
=20
- pid =3D (arc4random() & 0xffff) % (26+26);
- if (pid < 26)
- c =3D pid + 'A';
- else
- c =3D (pid - 26) + 'a';
- *trv-- =3D c;
+ /* Fill space with random characters */
+ while (*trv =3D=3D 'X') {
+ pid =3D arc4random() % (sizeof(padchar) - 1);
+ *trv-- =3D padchar[pid];
}
start =3D trv + 1;
=20
/*
- * check the target directory; if you have six X's and it
- * doesn't exist this runs for a *very* long time.
+ * check the target directory.
*/
if (doopen || domkdir) {
for (;; --trv) {
@@ -179,15 +175,11 @@
for (trv =3D start;;) {
if (*trv =3D=3D '\0' || trv =3D=3D suffp)
return(0);
- if (*trv =3D=3D 'Z')
- *trv++ =3D 'a';
+ pad =3D strchr(padchar, *trv);
+ if (pad =3D=3D NULL || !*++pad)
+ *trv++ =3D padchar[0];
else {
- if (isdigit((unsigned char)*trv))
- *trv =3D 'a';
- else if (*trv =3D=3D 'z') /* inc from z to A */
- *trv =3D 'A';
- else
- ++*trv;
+ *trv++ =3D *pad;
break;
}
}
--PNTmBPCT7hxwcZjr
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoEkz4ACgkQWry0BWjoQKU8TgCgtBUmcXultj/QOt+iaZtpuaiH
vocAn1hHyefvPv/qkokOcO7xXmCOTqpE
=4p/S
-----END PGP SIGNATURE-----
--PNTmBPCT7hxwcZjr--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001104145247.A9161>