mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-15 23:50:44 +00:00
240 lines
6.4 KiB
Plaintext
240 lines
6.4 KiB
Plaintext
|
This patches replace all uses of the (potentially insecure) mktemp(3)
|
||
|
with a much safer tmpfile(3).
|
||
|
|
||
|
--- src/config.parse.c Wed Jul 20 21:03:26 1994
|
||
|
+++ src/config.parse.c Wed May 17 17:30:22 2000
|
||
|
@@ -55,7 +55,6 @@
|
||
|
#endif
|
||
|
|
||
|
/* prototypes */
|
||
|
-char *mktemp();
|
||
|
static void configfile_descend();
|
||
|
|
||
|
#ifndef L_tmpnam
|
||
|
@@ -86,7 +85,6 @@
|
||
|
char ignorestring[1024];
|
||
|
char s[MAXPATHLEN+1024];
|
||
|
char configfile[MAXPATHLEN+512];
|
||
|
- char *tmpfilename;
|
||
|
char number[128];
|
||
|
int entrynum = 0;
|
||
|
int err;
|
||
|
@@ -98,18 +96,6 @@
|
||
|
if (!printpreprocess && !quietmode)
|
||
|
fputs("### Phase 1: Reading configuration file\n", stderr);
|
||
|
|
||
|
- /* generate temporary file name */
|
||
|
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
|
||
|
- perror("configfile_read: malloc()");
|
||
|
- exit(1);
|
||
|
- };
|
||
|
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
|
||
|
-
|
||
|
- if ((char *) mktemp(tmpfilename) == NULL) {
|
||
|
- perror("configfile_read: mktemp()");
|
||
|
- exit(1);
|
||
|
- }
|
||
|
-
|
||
|
/* generate configuration file name */
|
||
|
if (specified_configmode != SPECIFIED_FILE)
|
||
|
sprintf(configfile, "%s/%s", config_path, config_file);
|
||
|
@@ -149,25 +135,17 @@
|
||
|
|
||
|
err = umask(077); /* to protect the tempfile */
|
||
|
|
||
|
- if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
|
||
|
- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
|
||
|
- perror(s);
|
||
|
- exit(1);
|
||
|
- }
|
||
|
- (void) umask(err); /* return it to its former state */
|
||
|
-
|
||
|
- /* The following unlink accomplishes two things:
|
||
|
+ /* The use of tmpfile(3) accomplishes two things:
|
||
|
* 1) if the program terminates, we won't leave a temp
|
||
|
* file sitting around with potentially sensitive names
|
||
|
* in it.
|
||
|
* 2) the file is "hidden" while we run
|
||
|
*/
|
||
|
- if (unlink(tmpfilename) < 0) {
|
||
|
- perror("configfile_read: unlink()");
|
||
|
+ if ((fpout = tmpfile()) == NULL) {
|
||
|
+ perror("tmpfile");
|
||
|
exit(1);
|
||
|
}
|
||
|
- free(tmpfilename);
|
||
|
-
|
||
|
+ (void) umask(err); /* return it to its former state */
|
||
|
|
||
|
/*
|
||
|
* pass 0: preprocess file
|
||
|
--- src/dbase.build.c Mon Jul 25 11:24:09 1994
|
||
|
+++ src/dbase.build.c Wed May 17 18:22:14 2000
|
||
|
@@ -66,7 +66,6 @@
|
||
|
int files_scanned_num = 0;
|
||
|
|
||
|
/* prototypes */
|
||
|
-char *mktemp();
|
||
|
static void database_record_write();
|
||
|
|
||
|
char backupfile[MAXPATHLEN+256];
|
||
|
@@ -125,17 +124,7 @@
|
||
|
|
||
|
/* where do we write the new database? */
|
||
|
if (mode == DBASE_TEMPORARY) {
|
||
|
- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
|
||
|
- if (tmpfilename == NULL)
|
||
|
- die_with_err("malloc() failed in database_build", (char *) NULL);
|
||
|
- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
|
||
|
-
|
||
|
- if ((char *) mktemp(tmpfilename) == NULL)
|
||
|
- die_with_err("database_build: mktemp()", (char *) NULL);
|
||
|
-
|
||
|
- (void) strcpy(tempdatabase_file, tmpfilename);
|
||
|
- (void) strcpy(database, tempdatabase_file);
|
||
|
- free(tmpfilename);
|
||
|
+ /* do nothing */
|
||
|
} /* end if temporary database */
|
||
|
else if (mode == DBASE_UPDATE) {
|
||
|
sprintf(database, "./databases/%s", database_file);
|
||
|
@@ -224,6 +213,12 @@
|
||
|
}
|
||
|
|
||
|
/* rebuild the database */
|
||
|
+ if (mode == DBASE_TEMPORARY) {
|
||
|
+ fpw = tmpfile();
|
||
|
+ if (fpw == NULL)
|
||
|
+ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting",
|
||
|
+ NULL);
|
||
|
+ } else
|
||
|
if ((fpw = fopen(database, "w")) == NULL)
|
||
|
die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
|
||
|
|
||
|
@@ -369,6 +364,6 @@
|
||
|
|
||
|
- /* we don't want to allow anyone to spoof the temporary file in /tmp */
|
||
|
+ /* if the database was temporary, the file was opened by tmpfile(3) --
|
||
|
+ as such, it can not be accessed by anything but this process */
|
||
|
if (mode == DBASE_TEMPORARY) {
|
||
|
- if ((fptempdbase = freopen(database, "r", fpw)) == NULL)
|
||
|
- die_with_err("temporary database file disappeared?!?", database);
|
||
|
+ fptempdbase = fpw;
|
||
|
rewind(fptempdbase);
|
||
|
--- src/main.c Fri Aug 26 04:23:03 1994
|
||
|
+++ src/main.c Wed May 17 18:01:00 2000
|
||
|
@@ -108,7 +108,6 @@
|
||
|
char *database_path = DATABASE_PATH;
|
||
|
char *config_path = CONFIG_PATH;
|
||
|
|
||
|
-char tempdatabase_file[MAXPATHLEN+256];
|
||
|
FILE *fptempdbase;
|
||
|
|
||
|
char *defaultignore = DEFAULTIGNORE;
|
||
|
--- src/preen.c Mon Jul 25 11:24:11 1994
|
||
|
+++ src/preen.c Wed May 17 18:22:22 2000
|
||
|
@@ -37,7 +37,6 @@
|
||
|
static int numentriesread = 0; /* running count of @@contents */
|
||
|
|
||
|
/* prototypes */
|
||
|
-char *mktemp();
|
||
|
static void olddbasefile_load();
|
||
|
|
||
|
char *updatemodes[] = {
|
||
|
@@ -97,9 +96,6 @@
|
||
|
preen_report(interactive, ppp_updateentries);
|
||
|
if (!specified_configmode)
|
||
|
(void) fclose(fp_in);
|
||
|
-
|
||
|
- /* remove the temporary database file */
|
||
|
- (void) unlink(tempdatabase_file);
|
||
|
|
||
|
SPDEBUG(3) printf("*** leaving update_gather()\n");
|
||
|
|
||
|
--- src/siggen.c Mon Jul 25 11:24:12 1994
|
||
|
+++ src/siggen.c Wed May 17 18:36:51 2000
|
||
|
@@ -52,7 +52,6 @@
|
||
|
|
||
|
extern int optind;
|
||
|
int debuglevel = 0;
|
||
|
-char *mktemp();
|
||
|
|
||
|
int (*pf_signatures [NUM_SIGS]) () = {
|
||
|
SIG0FUNC,
|
||
|
@@ -84,7 +83,6 @@
|
||
|
};
|
||
|
int verbosity = 0;
|
||
|
int quietmode = 0;
|
||
|
-char *tmpfilename = NULL;
|
||
|
int readstdin = 0;
|
||
|
|
||
|
|
||
|
@@ -167,19 +167,6 @@
|
||
|
FILE *fpout;
|
||
|
- /* generate temporary file name */
|
||
|
- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
|
||
|
- perror("main: malloc()");
|
||
|
- exit(1);
|
||
|
- };
|
||
|
- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
|
||
|
-
|
||
|
- if ((char *) mktemp(tmpfilename) == NULL) {
|
||
|
- perror("siggen: mktemp()");
|
||
|
- exit(1);
|
||
|
- }
|
||
|
|
||
|
/* output */
|
||
|
- if (!(fpout = fopen(tmpfilename, "w"))) {
|
||
|
- char err[1024];
|
||
|
- sprintf(err, "main: fopen(%s)", tmpfilename);
|
||
|
- perror(err);
|
||
|
+ if (!(fpout = tmpfile())) {
|
||
|
+ perror("tmpfile()");
|
||
|
exit(1);
|
||
|
@@ -189,12 +176,6 @@
|
||
|
putc(c, fpout);
|
||
|
- fclose(fpout);
|
||
|
- if ((fd = open(tmpfilename, O_RDONLY)) < 0) {
|
||
|
- perror("siggen: open");
|
||
|
- exit(1);
|
||
|
- }
|
||
|
- if (siggen(fd) < 0)
|
||
|
+ rewind(fpout);
|
||
|
+ if (siggen(fileno(fpout)) < 0)
|
||
|
errors++;
|
||
|
|
||
|
- if (fd)
|
||
|
- close(fd);
|
||
|
+ close(fd);
|
||
|
- unlink(tmpfilename);
|
||
|
--- src/utils.c Mon Jul 25 12:23:16 1994
|
||
|
+++ src/utils.c Wed May 17 18:21:38 2000
|
||
|
@@ -785,23 +785,15 @@
|
||
|
int
|
||
|
fd_tempfilename_generate()
|
||
|
{
|
||
|
- char tmp[MAXPATHLEN+256];
|
||
|
- int fd;
|
||
|
+ FILE *tmp;
|
||
|
|
||
|
- (void) strcpy(tmp, TEMPFILE_TEMPLATE);
|
||
|
- if ((char *) mktemp(tmp) == NULL) {
|
||
|
- perror("tempfilename_generate: mktemp()");
|
||
|
+ tmp = tmpfile();
|
||
|
+ if (tmp == NULL) {
|
||
|
+ perror("tempfilename_generate: tmpfile()");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
|
||
|
- perror("tempfilename_generate: open()");
|
||
|
- exit(1);
|
||
|
- }
|
||
|
- /* unlink right away to make sure no one can tamper with our file */
|
||
|
- unlink(tmp);
|
||
|
-
|
||
|
- return fd;
|
||
|
+ return fileno(tmp);
|
||
|
}
|
||
|
|
||
|
/*
|