diff options
| author | peter <peter@FreeBSD.org> | 1998-04-14 07:25:05 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1998-04-14 07:25:05 +0000 |
| commit | 9da325cc05abd9ce39a313c56e2aec7c841cef07 (patch) | |
| tree | 0a55a210db412e832ff98a9cf69d86e2f76f4f0a /lib/libc | |
| parent | ced7ca4b356915288bb3cee56d8191995248653b (diff) | |
| download | FreeBSD-src-9da325cc05abd9ce39a313c56e2aec7c841cef07.zip FreeBSD-src-9da325cc05abd9ce39a313c56e2aec7c841cef07.tar.gz | |
Fix a nasty flaw as a result of using the arc4random() pre-seeding of
leading XXX's. It could wrap an uppercase character through chars
like: [ \ ] ^ _ ` in between Z and a. The backslash and back tick
might be particularly nasty in a shell script context. Also, since
we've been using upper-case generated values for a while now, go with
the flow and use them in the pathname search rotation.
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/stdio/mktemp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/libc/stdio/mktemp.c b/lib/libc/stdio/mktemp.c index 1987d69..ca3fa5b 100644 --- a/lib/libc/stdio/mktemp.c +++ b/lib/libc/stdio/mktemp.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; #endif static const char rcsid[] = - "$Id: mktemp.c,v 1.8 1998/02/13 02:13:24 imp Exp $"; + "$Id: mktemp.c,v 1.9 1998/03/03 14:38:36 bde Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/types.h> @@ -164,11 +164,13 @@ _gettemp(path, doopen, domkdir) for (trv = start;;) { if (!*trv) return(0); - if (*trv == 'z') + if (*trv == 'Z') *trv++ = 'a'; else { if (isdigit(*trv)) *trv = 'a'; + else if (*trv == 'z') /* inc from z to A */ + *trv = 'A'; else ++*trv; break; |
