Date: Sun, 19 Nov 2000 16:57:11 -0800
From: Kris Kennaway <kris@FreeBSD.org>
To: audit@FreeBSD.org
Subject: m4 tempfile fix
Message-ID: <20001119165711.A3579@citusc17.usc.edu>
m4 was abusing mktemp() to make a unique prefix but then tacking on
predictable prefixes to make multiple files. I fixed it to create a
secure directory where it can play with its insecure filenames to its
heart's content. Reviews, anyone?
Kris
Index: main.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.bin/m4/main.c,v
retrieving revision 1.7
diff -u -r1.7 main.c
--- main.c 2000/09/04 06:09:48 1.7
+++ main.c 2000/11/20 00:53:13
@@ -82,6 +82,7 @@
FILE *outfile[MAXOUT]; /* diversion array(0=3Dbitbucket)*/
FILE *active; /* active output file pointer */
char *m4temp; /* filename for diversions */
+char *m4dir; /* directory for diversions */
int ilevel =3D 0; /* input file stack pointer */
int oindex =3D 0; /* diversion index.. */
char *null =3D ""; /* as it says.. just a null.. */
@@ -181,7 +182,8 @@
=20
active =3D stdout; /* default active output */
/* filename for diversions */
- m4temp =3D mktemp(xstrdup(_PATH_DIVNAME));
+ m4dir =3D mkdtemp(xstrdup(_PATH_DIVDIRNAME));
+ (void) asprintf(&m4temp, "%s/%s", m4dir, _PATH_DIVNAME);
=20
bbase[0] =3D bufbase;
if (!argc) {
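Review bot: the mkdtemp() result assigned to m4dir is never checked, and the asprintf() return is cast to void. If mkdtemp() fails it returns NULL, so m4temp is built from a NULL directory and the diversion files no longer sit inside a private directory; if asprintf() fails, m4temp is left undefined. Suggest exiting with an error in both cases, i.e. test `m4dir == NULL` right after the mkdtemp() call and test the asprintf() return for -1 before m4temp is used.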
@@ -225,6 +227,7 @@
(void) remove(m4temp);
#else
(void) unlink(m4temp);
+ (void) rmdir(m4dir);
#endif
}
=20
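Review bot: rmdir(m4dir) is added only under #else, so the branch that calls remove(m4temp) leaves the directory behind even though it is created unconditionally. The return value is also discarded, and only m4temp is removed in the lines shown, so if any other diversion file is still in the directory the rmdir fails silently and the /tmp/m4XXXXXX directory leaks. Suggest moving the rmdir after the #endif and confirming every diversion file is unlinked before it runs.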
Index: pathnames.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /mnt/ncvs/src/usr.bin/m4/pathnames.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pathnames.h
--- pathnames.h 1994/05/27 12:30:43 1.1.1.1
+++ pathnames.h 2000/11/20 00:52:29
@@ -47,8 +47,9 @@
#endif
=20
#ifdef unix
-#define _PATH_DIVNAME "/tmp/m4.0XXXXXX" /* unix diversion files */
-#define UNIQUE 8 /* unique char location */
+#define _PATH_DIVDIRNAME "/tmp/m4XXXXXX" /* directory for files */
+#define _PATH_DIVNAME "m4.0" /* unix diversion files */
+#define UNIQUE 17 /* unique char location */
#endif
=20
#ifdef vms
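Review bot: UNIQUE 17 is a hand-computed offset that holds only while _PATH_DIVDIRNAME stays 13 characters long and _PATH_DIVNAME stays "m4.0" (13 characters, the '/' at index 13, then "m4." puts the '0' at index 17). Suggest a comment stating that derivation, or computing the value from sizeof the two strings so a later rename cannot silently shift it. Also, _PATH_DIVDIRNAME is defined only under #ifdef unix, while the main.c lines shown use it without a guard, so the other platform branches need a definition as well.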
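The approach described in the message (a private directory from mkdtemp() holding predictably named files), as an added example that is not part of the original post or the FreeBSD m4 source. The names div_init, div_open, div_cleanup and div_mode and the "m4.%d" file pattern are hypothetical, and unlike the patch every return value is checked.

```c
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
static char divdir[256];          /* hypothetical: path of the private directory */

/* Create the private directory from a "...XXXXXX" template; 0 on success. */
int div_init(const char *tmpl) {
    if (strlen(tmpl) >= sizeof(divdir)) return -1;
    strcpy(divdir, tmpl);
    if (mkdtemp(divdir) != NULL) return 0;
    divdir[0] = '\0';             /* fail closed: no fixed-name fallback */
    return -1;
}

/* Open predictably named file n inside the directory; returns fd or -1. */
int div_open(int n) {
    char path[512];
    if (divdir[0] == '\0') return -1;
    snprintf(path, sizeof(path), "%s/m4.%d", divdir, n);
    /* O_EXCL rejects an existing name, O_NOFOLLOW rejects a symlink */
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Unlink files 0..max-1, then the directory; returns rmdir()'s result. */
int div_cleanup(int max) {
    char path[512];
    for (int n = 0; n < max; n++) {
        snprintf(path, sizeof(path), "%s/m4.%d", divdir, n);
        (void)unlink(path);       /* ENOENT for unused slots is expected */
    }
    return rmdir(divdir);
}

/* Permission bits of the directory (mkdtemp() makes it 0700); 0 on error. */
mode_t div_mode(void) {
    struct stat sb;
    return stat(divdir, &sb) == 0 ? (sb.st_mode & 0777) : 0;
}

int main(void) {
    if (div_init("/tmp/m4XXXXXX") != 0) { perror("mkdtemp"); return 1; }
    int fd = div_open(1);
    printf("%s mode %o fd %d\n", divdir, (unsigned)div_mode(), fd);
    if (fd >= 0) close(fd);
    return div_cleanup(10) == 0 ? 0 : 1;
}
```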
