From owner-freebsd-audit  Wed Apr 25 14:44:52 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id 533EC37B423; Wed, 25 Apr 2001 14:44:48 -0700 (PDT)
	(envelope-from mheffner@vt.edu)
Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190])
	by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id f3PLilu235216;
	Wed, 25 Apr 2001 17:44:47 -0400 (EDT)
Received: from enterprise.muriel.penguinpowered.com ([198.82.100.151])
 by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
 with ESMTP id <0GCD00GK3B2MZD@gkar.cc.vt.edu>; Wed,
 25 Apr 2001 17:44:46 -0400 (EDT)
Date: Wed, 25 Apr 2001 17:44:13 -0400 (EDT)
From: Mike Heffner <mheffner@vt.edu>
Subject: Re: GNATS tempfile patch
In-reply-to: <20010425023740.C54713@xor.obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: bug-gnats@gnu.org, pst@FreeBSD.ORG, audit@FreeBSD.ORG
Message-id: <XFMail.20010425174413.mheffner@vt.edu>
MIME-version: 1.0
X-Mailer: XFMail 1.4.7 on FreeBSD
Content-type: multipart/signed;
 boundary="_=XFMail.1.4.7.FreeBSD:20010425174413:436=_"; micalg=pgp-md5;
 protocol="application/pgp-signature"
X-Priority: 3 (Normal)
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This message is in MIME format
--_=XFMail.1.4.7.FreeBSD:20010425174413:436=_
Content-Type: text/plain; charset=us-ascii


On 25-Apr-2001 Kris Kennaway wrote:
| ..and here's part II, fixing the C code to use mkstemp() if available,
| instead of mktemp().  Please review, etc.
|
| --- gnats/cmds.c.orig Wed Mar 17 15:45:36 1999
| +++ gnats/cmds.c      Wed Apr 25 02:24:59 2001
| @@ -121,19 +121,33 @@

[snip]
  
| +#ifdef HAVE_MKSTEMP
| +  if ((tf = fdopen (fd, "w")) == (FILE *) NULL)
| +#else
|    if ((tf = fopen (path, "w")) == (FILE *) NULL)
| +#endif

If we're using mkstemp(), we could get here and the fdopen() could fail, but we
still have created the tempfile. I think there needs to be an unlink() within
#ifdef HAVE_MKSTEMP to remove the file on failure.


| --- gnats/internal.c.orig     Tue Mar  2 16:18:53 1999
| +++ gnats/internal.c  Wed Apr 25 02:24:45 2001
| @@ -36,20 +36,38 @@

[snip]

| +#ifdef HAVE_MKSTEMP
| +  fp = fdopen (fd, "w");
| +#else
|    fp = fopen (workfile, "w");
| +#endif
|    if (fp == NULL)

Same here.

Otherwise, looks good =)


Mike

-- 
  Mike Heffner       <mheffner@vt.edu>
  Blacksburg, VA   <mikeh@FreeBSD.org>
  http://filebox.vt.edu/users/mheffner


--_=XFMail.1.4.7.FreeBSD:20010425174413:436=_
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE650UtFokZQs3sv5kRAq4qAJ9nQlVphhFDDatZQTBnyTyaOcDvpACgjeou
XegNmcQYZC4wF5LL1h/Qpbo=
=b5I7
-----END PGP SIGNATURE-----

--_=XFMail.1.4.7.FreeBSD:20010425174413:436=_--
End of MIME message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message