author | Kris Kennaway <kris@FreeBSD.org> | 2000-03-05 09:27:28 +0000 |
---|---|---|
committer | Kris Kennaway <kris@FreeBSD.org> | 2000-03-05 09:27:28 +0000 |
commit | cf3d05cb927395f57268d4c69af78d82e622830e (patch) | |
tree | 3de0b56eba19bd1f893342599ed85dccf4029798 /archivers | |
parent | This is a setuid root binary. sprintf()s of DNS hostnames into undersized (diff) |
From OpenBSD: generate tempfiles securely with mkstemps()
Approved by: Maintainer
Notes
Notes:
svn path=/head/; revision=26556
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/arc/files/patch-ab | 2 | ||||
-rw-r--r-- | archivers/arc/files/patch-ac | 92 | ||||
-rw-r--r-- | archivers/arc/files/patch-ad | 72 | ||||
-rw-r--r-- | archivers/arc/files/patch-ae | 11 | ||||
-rw-r--r-- | archivers/arc/files/patch-af | 47 | ||||
-rw-r--r-- | archivers/arc/files/patch-ag | 11 | ||||
-rw-r--r-- | archivers/arc/files/patch-ah | 11 | ||||
-rw-r--r-- | archivers/arc/files/patch-ai | 20 | ||||
-rw-r--r-- | archivers/arc/files/patch-aj | 24 | ||||
-rw-r--r-- | archivers/arc/files/patch-ak | 11 | ||||
-rw-r--r-- | archivers/arc/files/patch-al | 38 | ||||
-rw-r--r-- | archivers/arc/files/patch-am | 20 |
12 files changed, 336 insertions, 23 deletions
diff --git a/archivers/arc/files/patch-ab b/archivers/arc/files/patch-ab
index b55cbaa6c144..52bf11b472f3 100644
--- a/archivers/arc/files/patch-ab
+++ b/archivers/arc/files/patch-ab
@@ -6,7 +6,7 @@
 struct tm tm;
 struct timeval tvp[2];
 int utimes();
-+ #if !defined(__FreeSBD__) && !defined(__OpenBSD__)
++ #if !defined(__FreeBSD__) && !defined(__OpenBSD__)
 long tmclock();
 + #endif
 tm.tm_sec = (time & 31) * 2;
diff --git a/archivers/arc/files/patch-ac b/archivers/arc/files/patch-ac
index 42c9f08b17da..87e6754e95f2 100644
--- a/archivers/arc/files/patch-ac
+++ b/archivers/arc/files/patch-ac
@@ -1,22 +1,70 @@
-*** marc.c.old Wed Apr 15 02:59:21 1992
---- marc.c Sat Dec 31 20:40:30 1994
-***************
-*** 35,40 ****
---- 35,41 ----
- #endif
- VOID arcdie();
- static VOID expandlst(), merge();
-+ char *makefnam(); /* filename fixup routine */
-
- FILE *src; /* source archive */
- char srcname[STRLEN]; /* source archive name */
-***************
-*** 47,53 ****
- int nargs; /* number of arguments */
- char *arg[]; /* pointers to arguments */
- {
-- char *makefnam(); /* filename fixup routine */
- char *envfind();
- #if !_MTS
- char *arctemp2, *mktemp(); /* temp file stuff */
---- 48,53 ----
+--- ./marc.c.orig Tue Apr 14 18:59:21 1992
++++ ./marc.c Wed Aug 11 10:22:31 1999
+@@ -28,12 +28,17 @@
+ #if UNIX
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <errno.h>
++#include <unistd.h>
++#include <string.h>
++#include <err.h>
+ #endif
+
+ #ifndef __STDC__
+ char *calloc(), *malloc(), *realloc(); /* memory managers */
+ #endif
+ VOID arcdie();
++int move(),setstamp();
+ static VOID expandlst(), merge();
+
+ FILE *src; /* source archive */
+@@ -50,7 +55,7 @@
+ char *makefnam(); /* filename fixup routine */
+ char *envfind();
+ #if !_MTS
+- char *arctemp2, *mktemp(); /* temp file stuff */
++ char *arctemp2; /* temp file stuff */
+ #endif
+ #if GEMDOS
+ VOID exitpause();
+@@ -114,8 +119,18 @@
+ #endif
+ #if !MSDOS
+ {
+- static char tempname[] = "AXXXXXX";
+- strcat(arctemp, mktemp(tempname));
++ static char tempname[] = "AXXXXXX.arc";
++ int fd=-1;
++ strcat(arctemp, tempname);
++ if((fd = mkstemps(arctemp,4)) == -1 ||
++ (new = fdopen(fd, "w+")) == NULL) {
++ if (fd != -1) {
++ unlink(arctemp);
++ close(fd);
++ }
++ err(1, "can't create temp file %s", arctemp);
++ }
++
+ }
+ #else
+ strcat(arctemp, "$ARCTEMP");
+@@ -148,8 +163,10 @@
+ arc = fopen(arcname,OPEN_R); /* open the archives */
+ if(!(src=fopen(srcname,OPEN_R)))
+ arcdie("Cannot read source archive %s",srcname);
++#if !defined(__OpenBSD__) && !defined(__FreeBSD__) /* this is insecure, see
mkstemp(3) */
+ if(!(new=fopen(newname,OPEN_W)))
+ arcdie("Cannot create new archive %s",newname);
++#endif
+
+ if(!arc)
+ printf("Creating new archive %s\n",arcname);
+@@ -283,7 +300,7 @@
+ else return 0; /* or fake end of archive */
+ }
+
+-copyfile(f,hdr,ver) /* copy a file from an archive */
++int copyfile(f,hdr,ver) /* copy a file from an archive */
+ FILE *f; /* archive to copy from */
+ struct heads *hdr; /* header data for file */
+ int ver; /* header version */
diff --git a/archivers/arc/files/patch-ad b/archivers/arc/files/patch-ad
new file mode 100644
index 000000000000..36dc9639f290
--- /dev/null
+++ b/archivers/arc/files/patch-ad
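Review bot: `strcat(arctemp, tempname);` in the `@@ -114,8 +119,18 @@` hunk still appends without a length check, and the template is now 11 characters instead of 7; arctemp's declaration and the code that fills it are outside the hunk, so this needs a guard such as `if (strlen(arctemp) + sizeof tempname > STRLEN) arcdie("temp path too long");` (assuming arctemp is a STRLEN array like srcname). In the failure branch unlink() and close() run before err(), so the errno it reports may not be the one set by fdopen(); `int e = errno;` before the cleanup and `errno = e;` before err() fixes that. The by-name `fopen(newname,OPEN_W)` in the `@@ -148,8 +163,10 @@` hunk is skipped only on OpenBSD and FreeBSD, while the mkstemps() block is built for every `!MSDOS` target, so on other systems `new` would be assigned twice and the first stream leaked; guarding the fopen with `#if MSDOS` would match the two. The same mkstemps() block is added to arc.c in patch-ad and has the same first two issues.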
@@ -0,0 +1,72 @@
+--- ./arc.c.orig Tue Apr 14 18:58:59 1992
++++ ./arc.c Wed Aug 11 10:21:06 1999
+@@ -76,11 +76,14 @@
+ #if UNIX
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <unistd.h>
+ #endif
+
+ #include <string.h>
+ #if BSD
+ #include <strings.h>
++#include <err.h>
++#include <errno.h>
+ #endif
+
+ #if !__STDC__
+@@ -101,6 +104,7 @@
+ static char **lst; /* files list */
+ static int lnum; /* length of files list */
+
++int
+ main(num, arg) /* system entry point */
+ int num; /* number of arguments */
+ char *arg[]; /* pointers to arguments */
+@@ -110,7 +114,7 @@
+ VOID upper();/* case conversion routine */
+ char *envfind(); /* environment searcher */
+ int n; /* index */
+- char *arctemp2, *mktemp();
++ char *arctemp2;
+ #if GEMDOS
+ VOID exitpause();
+ int append;
+@@ -219,8 +223,17 @@
+ #endif
+ #if !MSDOS
+ {
+- static char tempname[] = "AXXXXXX";
+- strcat(arctemp, mktemp(tempname));
++ static char tempname[] = "AXXXXXX.arc";
++ int fd=-1;
++ strcat(arctemp, tempname);
++ if((fd = mkstemps(arctemp,4)) == -1 ||
++ (new = fdopen(fd, "w+")) == NULL) {
++ if (fd != -1) {
++ unlink(arctemp);
++ close(fd);
++ }
++ err(1, "can't create temp file %s", arctemp);
++ }
+ }
+ #else
+ strcat(arctemp, "$ARCTEMP");
+@@ -276,7 +289,7 @@
+ keepbak = 1;
+
+ else if (*a == 'W') /* suppress warnings */
+- warn = 0;
++ arcwarn = 0;
+ #if !DOS
+ else if (*a == 'I') /* image mode, no ASCII/EBCDIC x-late */
+ image = !image;
+@@ -401,7 +414,7 @@
+ expandlst(n) /* expand an indirect reference */
+ int n; /* number of entry to expand */
+ {
+- FILE *lf, *fopen(); /* list file, opener */
++ FILE *lf; /* list file, opener */
+ char buf[100]; /* input buffer */
+ int x; /* index */
+ char *p = lst[n] + 1; /* filename pointer */
diff --git a/archivers/arc/files/patch-ae b/archivers/arc/files/patch-ae
new file mode 100644
index 000000000000..a228e9d11dfd
--- /dev/null
+++ b/archivers/arc/files/patch-ae
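Review bot: `#include <err.h>` and `#include <errno.h>` land inside `#if BSD` in the `@@ -76,11 +76,14 @@` hunk, but err() is called in the `@@ -219,8 +223,17 @@` hunk under `#if !MSDOS`, so a build where BSD is not set would call err() with no prototype in scope; putting both includes beside `<unistd.h>` in the `#if UNIX` block, as patch-ac does for marc.c, keeps declaration and use under closer conditions. The hunks do not show where `newname` is built: `new` now refers to the file mkstemps() created at the path in arctemp, so it is worth confirming that later code which renames or removes the temporary archive uses that same path. main's body starts and continues outside these hunks.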
@@ -0,0 +1,11 @@
+--- ./arc.h.orig Tue Aug 10 23:03:24 1999
++++ ./arc.h Tue Aug 10 23:01:55 1999
+@@ -106,7 +106,7 @@
+ #if GEMDOS
+ extern int hold; /* hold screen before exiting */
+ #endif
+-extern int warn; /* true to print warnings */
++extern int arcwarn; /* true to print warnings */
+ extern int note; /* true to print comments */
+ extern int bose; /* true to be verbose */
+ extern int nocomp; /* true to suppress compression */
diff --git a/archivers/arc/files/patch-af b/archivers/arc/files/patch-af
new file mode 100644
index 000000000000..8a5597cfc6f5
--- /dev/null
+++ b/archivers/arc/files/patch-af
@@ -0,0 +1,47 @@
+--- ./arcadd.c.orig Tue Aug 10 23:03:24 1999
++++ ./arcadd.c Tue Aug 10 23:01:55 1999
+@@ -119,7 +119,7 @@
+ }
+ #endif
+ }
+- if (notemp && warn)
++ if (notemp && arcwarn)
+ printf("No files match: %s\n", arg[n]);
+ }
+
+@@ -133,7 +133,7 @@
+ free(path);
+ free(name);
+ }
+- if (nowork && warn)
++ if (nowork && arcwarn)
+ printf("No files were added.\n");
+ }
+
+@@ -227,7 +227,7 @@
+ if (move) { /* if this was a move */
+ for (n = 0; n < nfiles; n++) { /* then delete each file
+ * added */
+- if (unlink(path[n]) && warn) {
++ if (unlink(path[n]) && arcwarn) {
+ printf("Cannot unsave %s\n", path[n]);
+ nerrs++;
+ }
+@@ -259,7 +259,7 @@
+ if (!f)
+ #endif
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("Cannot read file: %s\n", path);
+ nerrs++;
+ }
+@@ -267,7 +267,7 @@
+ }
+ #if !DOS
+ if (strlen(name) >= FNLEN) {
+- if (warn) {
++ if (arcwarn) {
+ char buf[STRLEN];
+ printf("WARNING: File %s name too long!\n", name);
+ name[FNLEN-1]='\0';
diff --git a/archivers/arc/files/patch-ag b/archivers/arc/files/patch-ag
new file mode 100644
index 000000000000..1f496113cbb2
--- /dev/null
+++ b/archivers/arc/files/patch-ag
@@ -0,0 +1,11 @@
+--- ./arccvt.c.orig Tue Aug 10 23:03:24 1999
++++ ./arccvt.c Tue Aug 10 23:01:55 1999
+@@ -120,7 +120,7 @@
+ writehdr(hdr, new); /* write out real header */
+ fseek(new, hdr->size, 1); /* skip over data to next header */
+ fclose(tmp); /* all done with the file */
+- if (unlink(tempname) && warn) {
++ if (unlink(tempname) && arcwarn) {
+ printf("Cannot unsave %s\n", tempname);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-ah b/archivers/arc/files/patch-ah
new file mode 100644
index 000000000000..f9e7a9067de8
--- /dev/null
+++ b/archivers/arc/files/patch-ah
@@ -0,0 +1,11 @@
+--- ./arcdata.c.orig Tue Aug 10 23:03:24 1999
++++ ./arcdata.c Tue Aug 10 23:01:56 1999
+@@ -35,7 +35,7 @@
+ #if GEMDOS
+ int hold = 0; /* true to pause before exit */
+ #endif
+-int warn = 1; /* true to print warnings */
++int arcwarn = 1; /* true to print warnings */
+ int note = 1; /* true to print comments */
+ int bose = 0; /* true to be verbose */
+ int nocomp = 0; /* true to suppress compression */
diff --git a/archivers/arc/files/patch-ai b/archivers/arc/files/patch-ai
new file mode 100644
index 000000000000..c13db4acb537
--- /dev/null
+++ b/archivers/arc/files/patch-ai
@@ -0,0 +1,20 @@
+--- ./arcext.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcext.c Tue Aug 10 23:01:56 1999
+@@ -143,7 +143,7 @@
+ if (note)
+ printf("Extracting file: %s\n", fix);
+
+- if (warn && !overlay) {
++ if (arcwarn && !overlay) {
+ if (f = fopen(fix, "r")) { /* see if it exists */
+ fclose(f);
+ printf("WARNING: File %s already exists!", fix);
+@@ -190,7 +190,7 @@
+ if (!f)
+ #endif
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("Cannot create %s\n", fix);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-aj b/archivers/arc/files/patch-aj
new file mode 100644
index 000000000000..f7dc13a56ce6
--- /dev/null
+++ b/archivers/arc/files/patch-aj
@@ -0,0 +1,24 @@
+--- ./arcio.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcio.c Tue Aug 10 23:01:56 1999
+@@ -46,7 +46,7 @@
+ return 0; /* then signal end of archive */
+
+ if (hdrver != ARCMARK) { /* check archive validity */
+- if (warn) {
++ if (arcwarn) {
+ printf("An entry in %s has a bad header.\n", arcname);
+ nerrs++;
+ }
+@@ -63,10 +63,10 @@
+ if (feof(f) && first)
+ arcdie("%s is not an archive", arcname);
+
+- if (changing && warn)
++ if (changing && arcwarn)
+ arcdie("%s is corrupted -- changes disallowed", arcname);
+
+- if (warn)
++ if (arcwarn)
+ printf(" %d bytes skipped.\n", try);
+
+ if (feof(f))
diff --git a/archivers/arc/files/patch-ak b/archivers/arc/files/patch-ak
new file mode 100644
index 000000000000..7933c26409d1
--- /dev/null
+++ b/archivers/arc/files/patch-ak
@@ -0,0 +1,11 @@
+--- ./arclzw.c.orig Tue Aug 10 23:03:25 1999
++++ ./arclzw.c Tue Aug 10 23:01:57 1999
+@@ -546,7 +546,7 @@
+ */
+ if (code >= free_ent) {
+ if (code > free_ent) {
+- if (warn) {
++ if (arcwarn) {
+ printf("Corrupted compressed file.\n");
+ printf("Invalid code %d when max is %d.\n",
+ code, free_ent);
diff --git a/archivers/arc/files/patch-al b/archivers/arc/files/patch-al
new file mode 100644
index 000000000000..734b15f3f8d2
--- /dev/null
+++ b/archivers/arc/files/patch-al
@@ -0,0 +1,38 @@
+--- ./arcrun.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcrun.c Tue Aug 10 23:01:57 1999
+@@ -94,7 +94,7 @@
+ strcpy(sys, buf);
+
+ else {
+- if (warn) {
++ if (arcwarn) {
+ printf("File %s is not a .BAS, .BAT, .COM, or .EXE\n",
+ hdr->name);
+ nerrs++;
+@@ -108,7 +108,7 @@
+ && strcmp(i, ".TTP")
+ && strcmp(i, ".TOS"))
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("File %s is not a .PRG, .TOS, or .TTP\n",
+ hdr->name);
+ nerrs++;
+@@ -118,7 +118,7 @@
+ }
+ #endif
+
+- if (warn)
++ if (arcwarn)
+ if (tmp = fopen(buf, "r"))
+ arcdie("Temporary file %s already exists", buf);
+ if (!(tmp = fopen(buf, OPEN_W)))
+@@ -142,7 +142,7 @@
+ #endif
+ chdir(dir);
+ free(dir); /* return to whence we started */
+- if (unlink(buf) && warn) {
++ if (unlink(buf) && arcwarn) {
+ printf("Cannot unsave temporary file %s\n", buf);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-am b/archivers/arc/files/patch-am
new file mode 100644
index 000000000000..08e091f2462e
--- /dev/null
+++ b/archivers/arc/files/patch-am
@@ -0,0 +1,20 @@
+--- ./arcunp.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcunp.c Tue Aug 10 23:01:57 1999
+@@ -123,7 +123,7 @@
+ break;
+
+ default: /* unknown method */
+- if (warn) {
++ if (arcwarn) {
+ printf("I don't know how to unpack file %s\n", hdr->name);
+ printf("I think you need a newer version of ARC\n");
+ nerrs++;
+@@ -135,7 +135,7 @@
+ /* cleanups common to all methods */
+
+ if (crcval != hdr->crc) {
+- if (warn || kludge) {
++ if (arcwarn || kludge) {
+ printf("WARNING: File %s fails CRC check\n", hdr->name);
+ nerrs++;
+ } |