From 8d2f8064aa3d2cc7380c447dfbd8929543f36f51 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Wed, 20 Feb 2013 22:58:46 -0500 Subject: fix error cases in mkostemps core 1. wrong return value and missing errno for negative suffix len 2. failure to catch suffix len > strlen 3. remove unwanted clearing of input string in invalid case --- src/temp/mkostemps.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/temp/mkostemps.c b/src/temp/mkostemps.c index 804a5475..d87d4b66 100644 --- a/src/temp/mkostemps.c +++ b/src/temp/mkostemps.c @@ -9,18 +9,15 @@ char *__randname(char *); int __mkostemps(char *template, int len, int flags) { - if (len < 0) return EINVAL; - - size_t l = strlen(template)-len; - if (l < 6 || strncmp(template+l-6, "XXXXXX", 6)) { + size_t l = strlen(template); + if (l<6 || len>l-6 || strncmp(template+l-len-6, "XXXXXX", 6)) { errno = EINVAL; - *template = 0; return -1; } int fd, retries = 100; while (retries--) { - __randname(template+l-6); + __randname(template+l-len-6); if ((fd = open(template, flags | O_RDWR | O_CREAT | O_EXCL, 0600))>=0) return fd; if (errno != EEXIST) return -1; -- cgit v1.2.3-70-g09d2