Date: Sat, 4 Nov 2000 14:52:47 -0800 From: Kris Kennaway <kris@citusc.usc.edu> To: audit@freebsd.org Subject: mktemp() patch, again Message-ID: <20001104145247.A9161@citusc17.usc.edu>
[-- Attachment #1 --]
Based on the feedback from last time when I tried to get this into
-current, here is an updated version of the mktemp() patch. Please
review, etc.
I removed the comment about the directory scanning taking a very long
time - I couldn't see the situation in which this would occur,
although I could be wrong.
Kris
Index: stdio/mktemp.c
===================================================================
RCS file: /mnt/ncvs/src/lib/libc/stdio/mktemp.c,v
retrieving revision 1.19
diff -u -r1.19 mktemp.c
--- stdio/mktemp.c 2000/01/27 23:06:46 1.19
+++ stdio/mktemp.c 2000/11/04 22:48:17
@@ -45,6 +45,7 @@
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <ctype.h>
#include <unistd.h>
@@ -52,6 +53,9 @@
static int _gettemp __P((char *, int *, int, int));
+static const unsigned char padchar[] =
+"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
int
mkstemps(path, slen)
char *path;
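Review bot: `padchar` is declared `static const unsigned char[]`, but the last hunk passes it to `strchr()`, which takes a `const char *`, so the call is a pointer-signedness mismatch that compilers warn about. The table holds only ASCII letters and digits, so nothing is gained from the unsigned element type; `static const char padchar[] =` keeps the `strchr(padchar, *trv)` call and the `padchar[pid]` index type-clean. A one-line comment above the table, such as `/* Alphabet for the random part of the name; order defines the retry sequence. */`, would also help, because the increment code in the last hunk depends on that order.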
@@ -103,8 +107,10 @@
int slen;
{
register char *start, *trv, *suffp;
+ char *pad;
struct stat sbuf;
- int pid, rval;
+ int rval;
+ uint32_t pid;
if (doopen && domkdir) {
errno = EINVAL;
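Review bot: The local `uint32_t pid;` no longer holds a process ID after this patch, since the `getpid()` call is removed in the next hunk and the variable is only used as a random index into `padchar`. Keeping the old name in a function whose security depends on the name not being derived from the PID invites misreading; `uint32_t rand;` or `uint32_t idx;` says what it is. The include hunk does not show a header that obviously declares `uint32_t`, so confirm one is pulled in (the file may already get it indirectly). The function header is outside this hunk.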
@@ -120,26 +126,16 @@
errno = EINVAL;
return (0);
}
- pid = getpid();
- while (*trv == 'X' && pid != 0) {
- *trv-- = (pid % 10) + '0';
- pid /= 10;
- }
- while (*trv == 'X') {
- char c;
- pid = (arc4random() & 0xffff) % (26+26);
- if (pid < 26)
- c = pid + 'A';
- else
- c = (pid - 26) + 'a';
- *trv-- = c;
+ /* Fill space with random characters */
+ while (*trv == 'X') {
+ pid = arc4random() % (sizeof(padchar) - 1);
+ *trv-- = padchar[pid];
}
start = trv + 1;
/*
- * check the target directory; if you have six X's and it
- * doesn't exist this runs for a *very* long time.
+ * check the target directory.
*/
if (doopen || domkdir) {
for (;; --trv) {
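Review bot: The fill loop `while (*trv == 'X')` walks backwards with `*trv-- = padchar[pid];` and nothing visible stops it at the first byte of the template. A template consisting only of X's, or with X's running up to its first character, would let the loop read the byte before the buffer and overwrite it if it happens to be 'X'. The removed loops had the same shape, so this is inherited rather than introduced, but it is worth closing while the loop is being rewritten: `while (trv >= path && *trv == 'X')`, assuming the template parameter is named `path` as it is in mkstemps. The initialisation of `trv` and the function header are outside the hunk, so check this against the full function.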
@@ -179,15 +175,11 @@
for (trv = start;;) {
if (*trv == '\0' || trv == suffp)
return(0);
- if (*trv == 'Z')
- *trv++ = 'a';
+ pad = strchr(padchar, *trv);
+ if (pad == NULL || !*++pad)
+ *trv++ = padchar[0];
else {
- if (isdigit((unsigned char)*trv))
- *trv = 'a';
- else if (*trv == 'z') /* inc from z to A */
- *trv = 'A';
- else
- ++*trv;
+ *trv++ = *pad;
break;
}
}
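Review bot: The rewritten retry step has no comment explaining how it terminates or what order it tries names in, and both matter for callers. It is an odometer-style increment over `padchar` starting from the random name, so `return(0)` fires when the carry runs past the last filled position or reaches `suffp`, not after every possible name has been tried. It also means each candidate after a collision is the predictable successor of the previous one. I would add a comment above the loop along the lines of `/* Advance to the next name in padchar order; give up when the carry runs off the end of the template. */` and note that the `pad == NULL` branch is defensive, for a character not in the table. The enclosing loop begins outside this hunk.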
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoEkz4ACgkQWry0BWjoQKU8TgCgtBUmcXultj/QOt+iaZtpuaiH
vocAn1hHyefvPv/qkokOcO7xXmCOTqpE
=4p/S
-----END PGP SIGNATURE-----
