Use mkstemp() for secure tempfile creation instead of tempnam()

Obtained from:	OpenBSD
Reviewed by:	mikeh

4 files changed, 39 insertions, 17 deletions

diff --git a/bin/pax/extern.h b/bin/pax/extern.h
index ff33e5b..89a5840 100644
--- a/bin/pax/extern.h
+++ b/bin/pax/extern.h
@@ -224,6 +224,9 @@ extern int exit_val;
 extern int docrc;
 extern char *dirptr;
 extern char *argv0;
+extern char *tempfile;
+extern char *tempbase;
+
 int main __P((int, char **));
 void sig_cleanup __P((int));
 
diff --git a/bin/pax/pax.c b/bin/pax/pax.c
index 641d53f..5eb57ea 100644
--- a/bin/pax/pax.c
+++ b/bin/pax/pax.c
@@ -55,6 +55,7 @@ static const char rcsid[] =
 #include <sys/resource.h>
 #include <errno.h>
 #include <locale.h>
+#include <paths.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -96,6 +97,8 @@ int	exit_val;		/* exit value */
 int	docrc;			/* check/create file crc */
 char	*dirptr;		/* destination dir in a copy */
 char	*argv0;			/* root of argv[0] */
+char	*tempfile;		/* tempfile to use for mkstemp(3) */
+char	*tempbase;		/* basename of tempfile to use for mkstemp(3) */
 sigset_t s_mask;		/* signal mask for cleanup critical sect */
 
 /*
@@ -228,7 +231,29 @@ main(argc, argv)
 	char **argv;
 #endif
 {
+	char *tmpdir;
+	size_t tdlen;
+
 	(void) setlocale(LC_ALL, "");
+
+	/*
+	 * Where should we put temporary files?
+	 */
+	if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
+		tmpdir = _PATH_TMP;
+	tdlen = strlen(tmpdir);
+	while(tdlen > 0 && tmpdir[tdlen - 1] == '/')
+		tdlen--;
+	tempfile = malloc(tdlen + 1 + sizeof(_TFILE_BASE));
+	if (tempfile == NULL) {
+		pax_warn(1, "Cannot allocate memory for temp file name.");
+		return(exit_val);
+	}
+	if (tdlen)
+		memcpy(tempfile, tmpdir, tdlen);
+	tempbase = tempfile + tdlen;
+	*tempbase++ = '/';
+
 	/*
 	 * parse options, determine operational mode, general init
 	 */
diff --git a/bin/pax/pax.h b/bin/pax/pax.h
index a87b359..3a8824b 100644
--- a/bin/pax/pax.h
+++ b/bin/pax/pax.h
@@ -237,3 +237,4 @@ typedef struct oplist {
 #define HEX	16
 #define OCT	8
 #define _PAX_	1
+#define _TFILE_BASE	"paxXXXXXXXXXX"
diff --git a/bin/pax/tables.c b/bin/pax/tables.c
index e6c106b..d4c61c5 100644
--- a/bin/pax/tables.c
+++ b/bin/pax/tables.c
@@ -360,8 +360,6 @@ int
 ftime_start()
 #endif
 {
-	char *pt;
-
 	if (ftab != NULL)
 		return(0);
  	if ((ftab = (FTM **)calloc(F_TAB_SZ, sizeof(FTM *))) == NULL) {
@@ -373,16 +371,14 @@ ftime_start()
 	 * get random name and create temporary scratch file, unlink name
 	 * so it will get removed on exit
 	 */
-	if ((pt = tempnam((char *)NULL, (char *)NULL)) == NULL)
-		return(-1);
-	(void)unlink(pt);
-
-	if ((ffd = open(pt, O_RDWR | O_CREAT,  S_IRWXU)) < 0) {
-		sys_warn(1, errno, "Unable to open temporary file: %s", pt);
+	memcpy(tempbase, _TFILE_BASE, sizeof(_TFILE_BASE));
+	if ((ffd = mkstemp(tempfile)) < 0) {
+		sys_warn(1, errno, "Unable to create temporary file: %s",
+		    tempfile);
 		return(-1);
 	}
+	(void)unlink(tempfile);
 
-	(void)unlink(pt);
 	return(0);
 }
 
@@ -1210,22 +1206,19 @@ int
 dir_start()
 #endif
 {
-	char *pt;
-
 	if (dirfd != -1)
 		return(0);
-	if ((pt = tempnam((char *)NULL, (char *)NULL)) == NULL)
-		return(-1);
 
 	/*
 	 * unlink the file so it goes away at termination by itself
 	 */
-	(void)unlink(pt);
-	if ((dirfd = open(pt, O_RDWR|O_CREAT, 0600)) >= 0) {
-		(void)unlink(pt);
+	memcpy(tempbase, _TFILE_BASE, sizeof(_TFILE_BASE));
+	if ((dirfd = mkstemp(tempfile)) >= 0) {
+		(void)unlink(tempfile);
 		return(0);
 	}
-	pax_warn(1, "Unable to create temporary file for directory times: %s", pt);
+	pax_warn(1, "Unable to create temporary file for directory times: %s",
+	    tempfile);
 	return(-1);
 }