CVE-2001-1593: Fix insecure use of /tmp Author(s): * Fri Jan 05 2001 Preston Brown followed the next month by a fix to that patch: * Mon Feb 12 2001 Tim Waugh (see https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5) Origin: http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch --- a/lib/routines.c +++ b/lib/routines.c @@ -242,3 +242,50 @@ /* Don't complain if you can't unlink. Who cares of a tmp file? */ unlink (filename); } + +/* + * Securely generate a temp file, and make sure it gets + * deleted upon exit. + */ +static char ** tempfiles; +static unsigned ntempfiles; + +static void +cleanup_tempfiles() +{ + while (ntempfiles--) + unlink(tempfiles[ntempfiles]); +} + +char * +safe_tempnam(const char *pfx) +{ + char *dirname, *filename; + int fd; + + if (!(dirname = getenv("TMPDIR"))) + dirname = "/tmp"; + + tempfiles = (char **) realloc(tempfiles, + (ntempfiles+1) * sizeof(char *)); + if (tempfiles == NULL) + return NULL; + + filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX")); + if (!filename) + return NULL; + + sprintf(filename, "%s/%sXXXXXX", dirname, pfx); + + if ((fd = mkstemp(filename)) < 0) { + free(filename); + return NULL; + } + close(fd); + + if (ntempfiles == 0) + atexit(cleanup_tempfiles); + tempfiles[ntempfiles++] = filename; + + return filename; +} --- a/lib/routines.h +++ b/lib/routines.h @@ -255,7 +255,8 @@ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */ #define tempname_ensure(Str) \ do { \ - (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \ + (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \ } while (0) +char * safe_tempnam(const char *); #endif