[LEDE-DEV] uci/file: replace mktemp() with mkstemp()

Message ID 20170917040532.3926-1-maxim.gorbachyov@gmail.com
State Under Review
Headers show
Series
  • [LEDE-DEV] uci/file: replace mktemp() with mkstemp()
Related show

Commit Message

Maxim Gorbachyov Sept. 17, 2017, 4:05 a.m.
Because mktemp() is evil.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
---
 file.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

Comments

Stijn Tintel Sept. 17, 2017, 11:06 p.m. | #1
On 17-09-17 07:05, Maxim Gorbachyov wrote:
> Because mktemp() is evil.
>
Hi, please add a reference when making such claims.

Thanks,
Stijn
Maxim Gorbachyov Sept. 17, 2017, 11:21 p.m. | #2
On Sun, Sep 17, 2017 at 4:06 PM, Stijn Tintel <stijn@linux-ipv6.be> wrote:

>> Because mktemp() is evil.
> Hi, please add a reference when making such claims.

"Never use mktemp() ... every use of mktemp() is a security risk"
https://linux.die.net/man/3/mktemp

I thought it's obvious.

Patch

diff --git a/file.c b/file.c
index 494c649..ad0355b 100644
--- a/file.c
+++ b/file.c
@@ -28,6 +28,7 @@ 
 #include <glob.h>
 #include <string.h>
 #include <stdlib.h>
+#include <errno.h>
 
 #include "uci.h"
 #include "uci_internal.h"
@@ -725,8 +726,8 @@  static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag
 	char *name = NULL;
 	char *path = NULL;
 	char *filename = NULL;
-	struct stat statbuf;
 	bool do_rename = false;
+	int fd;
 
 	if (!p->path) {
 		if (overwrite)
@@ -772,18 +773,20 @@  static void uci_file_commit(struct uci_context *ctx, struct uci_package **packag
 			goto done;
 	}
 
-	if (!mktemp(filename))
-		*filename = 0;
+	fd = mkstemp(filename);
+	if (fd == -1)
+		UCI_THROW(ctx, UCI_ERR_IO);
 
-	if (!*filename) {
-		free(filename);
+	if ((flock(fd, LOCK_EX) < 0) && (errno != ENOSYS))
+		UCI_THROW(ctx, UCI_ERR_IO);
+
+	if (lseek(fd, 0, SEEK_SET) < 0)
 		UCI_THROW(ctx, UCI_ERR_IO);
-	}
 
-	if ((stat(filename, &statbuf) == 0) && ((statbuf.st_mode & S_IFMT) != S_IFREG))
+	f2 = fdopen(fd, "w+");
+	if (!f2)
 		UCI_THROW(ctx, UCI_ERR_IO);
 
-	f2 = uci_open_stream(ctx, filename, p->path, SEEK_SET, true, true);
 	uci_export(ctx, f2, p, false);
 
 	fflush(f2);