summaryrefslogtreecommitdiff
path: root/src/temp/mktemp.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2011-02-18 17:04:56 -0500
committerRich Felker <dalias@aerifal.cx>2011-02-18 17:04:56 -0500
commit446b4207cc7a30d8a4d5b2445a5a1b27d440f55d (patch)
tree3bc2e2969267d28e3c5b841c25e025afbb1623d4 /src/temp/mktemp.c
parent3e9e30166f22f8fb0d5664500bb52a00d1a3c6a3 (diff)
downloadmusl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.tar.gz
musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.tar.bz2
musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.tar.xz
musl-446b4207cc7a30d8a4d5b2445a5a1b27d440f55d.zip
major improvements to temp file name generator
use current time in nanoseconds and some potentially-random (if aslr is enabled) pointer values for the initial tempfile name generation, and step via a cheap linear prng on collisions. limit the number of retry attempts to prevent denial of service attacks even if an attacker can guess the filenames.
Diffstat (limited to 'src/temp/mktemp.c')
-rw-r--r--src/temp/mktemp.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/src/temp/mktemp.c b/src/temp/mktemp.c
index 1078b9df..1462a16c 100644
--- a/src/temp/mktemp.c
+++ b/src/temp/mktemp.c
@@ -4,28 +4,30 @@
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <time.h>
+#include <stdint.h>
#include "libc.h"
char *__mktemp(char *template)
{
- static int lock;
- static int index;
- int l = strlen(template);
+ struct timespec ts;
+ size_t l = strlen(template);
+ int retries = 10000;
+ unsigned long r;
if (l < 6 || strcmp(template+l-6, "XXXXXX")) {
errno = EINVAL;
- return NULL;
+ return 0;
}
- LOCK(&lock);
- for (; index < 1000000; index++) {
- snprintf(template+l-6, 6, "%06d", index);
- if (access(template, F_OK) != 0) {
- UNLOCK(&lock);
- return template;
- }
+ clock_gettime(CLOCK_REALTIME, &ts);
+ r = ts.tv_nsec + (uintptr_t)&ts / 16 + (uintptr_t)template;
+ while (retries--) {
+ snprintf(template+l-6, 7, "%06lX", r & 0xffffff);
+ if (access(template, F_OK) < 0) return template;
+ r = r * 1103515245 + 12345;
}
- UNLOCK(&lock);
- return NULL;
+ errno = EEXIST;
+ return 0;
}
weak_alias(__mktemp, mktemp);