From owner-freebsd-audit Mon Jan 24 11:51:23 2000 Delivered-To: freebsd-audit@freebsd.org Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 0BCCA14F7C for ; Mon, 24 Jan 2000 11:51:13 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <115211>; Tue, 25 Jan 2000 06:51:42 +1100 Content-return: prohibited From: Peter Jeremy Subject: Re: libc patch to warn about tempfiles In-reply-to: ; from kris@hub.freebsd.org on Mon, Jan 24, 2000 at 07:39:58PM +1100 To: Kris Kennaway Cc: audit@FreeBSD.ORG Message-Id: <00Jan25.065142est.115211@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0i Content-type: text/plain; charset=us-ascii References: <00Jan24.162158est.115251@border.alcanet.com.au> Date: Tue, 25 Jan 2000 06:51:42 +1100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 2000-Jan-24 19:39:58 +1100, Kris Kennaway wrote: >On Mon, 24 Jan 2000, Peter Jeremy wrote: >> - Add a few const's. > >Except you missed out these. I assume these were intended for base64[] and >padchar[]? Ooops, I posted the wrong version. I added the consts (and a #include to fix the compilation), but forgot to generate a new set of diffs :-(. Try this on (I've also fixed one style bug in my original): Index: mktemp.c =================================================================== RCS file: /home/CVSROOT/src/lib/libc/stdio/mktemp.c,v retrieving revision 1.18 diff -u -r1.18 mktemp.c --- mktemp.c 2000/01/12 09:23:41 1.18 +++ mktemp.c 2000/01/24 19:49:23 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include @@ -52,6 +53,11 @@ static int _gettemp __P((char *, int *, int, int)); +static const unsigned char base64[] = + ".#0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +static const unsigned char padchar[] = +"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#%^&-_=+:,.~"; + int mkstemps(path, slen) char *path; 
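Review bot: In the `@@ -52,6 +53,11 @@` hunk, `padchar` puts characters such as `!`, `#`, `&`, `^`, `~` and `-` into generated file names, and scripts or makefiles that use a temporary name unquoted can misparse them. A name that begins with `-`, which is possible when the template has no prefix before the X's, reads as an option to most commands. Restricting the table to the alphanumerics, `static const unsigned char padchar[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";`, costs roughly 0.3 bit per character (76 versus 62 symbols) and avoids that class of surprise. `base64` contains `#` as well, so the same consideration applies to the three PID characters.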
@@ -103,8 +109,10 @@ int slen; { register char *start, *trv, *suffp; + const char *pad; struct stat sbuf; - int pid, rval; + uint32_t pid; + int rval, n; if (doopen && domkdir) { errno = EINVAL; @@ -120,20 +128,22 @@ errno = EINVAL; return (0); } - pid = getpid(); - while (*trv == 'X' && pid != 0) { - *trv-- = (pid % 10) + '0'; - pid /= 10; + + /* Encode the PID (with 1 bit of randomness) into 3 base-64 chars */ + pid = getpid() | (arc4random() & 0x00020000); + for (n = 0; *trv == 'X' && n < 3; n++) { + *trv-- = base64[pid & 0x3f]; + pid >>= 6; } - while (*trv == 'X') { - char c; + if (n < 3) { /* Not enough characters to encode PID */ + errno = EINVAL; + return(0); + } - pid = (arc4random() & 0xffff) % (26+26); - if (pid < 26) - c = pid + 'A'; - else - c = (pid - 26) + 'a'; - *trv-- = c; + /* Fill remaining space with random characters */ + while (*trv == 'X') { + pid = arc4random() % (sizeof(padchar) - 1); + *trv-- = padchar[pid]; } start = trv + 1; @@ -179,15 +189,11 @@ for (trv = start;;) { if (*trv == '\0' || trv == suffp) return(0); - if (*trv == 'Z') - *trv++ = 'a'; + pad = strchr(padchar, *trv); + if (pad == NULL || *++pad == '\0') + *trv++ = padchar[0]; else { - if (isdigit((unsigned char)*trv)) - *trv = 'a'; - else if (*trv == 'z') /* inc from z to A */ - *trv = 'A'; - else - ++*trv; + *trv++ = *pad; break; } } Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
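Review bot: In the `@@ -120,20 +128,22 @@` hunk, the new `n < 3` check returns EINVAL only after the loop has already overwritten up to two trailing X's, so a rejected template goes back to the caller partly modified; counting the X's before writing any of them would leave the buffer intact on failure. The check also rejects templates with fewer than three X's, which the removed loops accepted, so callers with short templates would start failing, and that deserves a line in the manual page. Separately, the three base-64 characters carry the PID plus at most one random bit (`0x00020000` is bit 17, and the OR adds nothing if a PID ever has that bit set), so the unpredictability of the name rests almost entirely on the X's left for the `padchar` fill. A comment such as `/* PID chars are guessable; only the padchar fill below is random */` would keep later readers from overestimating it. The enclosing function starts and ends outside this hunk.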
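Review bot: In the `@@ -179,15 +189,11 @@` hunk, `strchr(padchar, *trv)` passes a `const unsigned char[]` where `strchr` takes `const char *`, and stores the result in `const char *pad`, so the line mixes pointer signedness and will warn on stricter compilers. Declaring the two tables as `static const char` in the earlier hunk removes the mismatch without a cast. The `pad == NULL` branch silently treats a character outside `padchar` as a wrap to `padchar[0]` with carry, and a short comment such as `/* not in padchar, or last entry: reset this position and carry */` would make that intent explicit. In the else branch `*trv++ = *pad;` advances `trv` immediately before `break`, so `*trv = *pad;` is sufficient. The enclosing `for` loop and function continue outside the hunk.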