diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2009-03-14 12:14:08 +0000 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2009-03-14 12:14:08 +0000 |
| commit | 71675a3908d8bf650dce62d174d33391dbaafd2d (patch) | |
| tree | 903a4a5fdb18b53aadf8aea0e2b69fce78c623f0 /newlib | |
| parent | c7cf32ee27bdd157bd7308705a94e62382c5883c (diff) | |
| download | cygnal-71675a3908d8bf650dce62d174d33391dbaafd2d.tar.gz cygnal-71675a3908d8bf650dce62d174d33391dbaafd2d.tar.bz2 cygnal-71675a3908d8bf650dce62d174d33391dbaafd2d.zip | |
* libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations
to stdlib.h.
* libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using.
* libc/stdio/mktemp.c: Explain the security risk when using
mktemp.
Diffstat (limited to 'newlib')
| -rw-r--r-- | newlib/ChangeLog | 8 | ||||
| -rw-r--r-- | newlib/libc/include/stdio.h | 2 | ||||
| -rw-r--r-- | newlib/libc/include/stdlib.h | 4 | ||||
| -rw-r--r-- | newlib/libc/stdio/mktemp.c | 7 |
4 files changed, 18 insertions, 3 deletions
diff --git a/newlib/ChangeLog b/newlib/ChangeLog index aa135e05f..2c45c6f82 100644 --- a/newlib/ChangeLog +++ b/newlib/ChangeLog @@ -1,3 +1,11 @@ +2009-03-14 Corinna Vinschen <corinna@vinschen.de> + + * libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations + to stdlib.h. + * libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using. + * libc/stdio/mktemp.c: Explain the security risk when using + mktemp. + 2009-03-12 Craig Howland <howland@LGSInnovations.com> * libc/time/time.tex (wcsftime.def): Include. diff --git a/newlib/libc/include/stdio.h b/newlib/libc/include/stdio.h index fd58a25b3..28e590cfc 100644 --- a/newlib/libc/include/stdio.h +++ b/newlib/libc/include/stdio.h @@ -411,8 +411,6 @@ int _EXFUN(_iprintf_r, (struct _reent *, const char *, ...) _ATTRIBUTE ((__format__ (__printf__, 2, 3)))); int _EXFUN(_iscanf_r, (struct _reent *, const char *, ...) _ATTRIBUTE ((__format__ (__scanf__, 2, 3)))); -int _EXFUN(_mkstemp_r, (struct _reent *, char *)); -char * _EXFUN(_mktemp_r, (struct _reent *, char *)); FILE * _EXFUN(_open_memstream_r, (struct _reent *, char **, size_t *)); void _EXFUN(_perror_r, (struct _reent *, const char *)); int _EXFUN(_printf_r, (struct _reent *, const char *, ...) diff --git a/newlib/libc/include/stdlib.h b/newlib/libc/include/stdlib.h index be4fa448b..a6a6e5083 100644 --- a/newlib/libc/include/stdlib.h +++ b/newlib/libc/include/stdlib.h @@ -98,7 +98,9 @@ size_t _EXFUN(_wcstombs_r,(struct _reent *, char *, const wchar_t *, size_t, _mb #ifndef __STRICT_ANSI__ #ifndef _REENT_ONLY int _EXFUN(mkstemp,(char *)); -char * _EXFUN(mktemp,(char *)); +int _EXFUN(_mkstemp_r, (struct _reent *, char *)); +char * _EXFUN(mktemp,(char *) _ATTRIBUTE ((warning ("the use of `mktemp' is dangerous; use `mkstemp' instead")))); +char * _EXFUN(_mktemp_r, (struct _reent *, char *) _ATTRIBUTE ((warning ("the use of `mktemp' is dangerous; use `mkstemp' instead")))); #endif #endif _VOID _EXFUN(qsort,(_PTR __base, size_t __nmemb, size_t __size, int(*_compar)(const _PTR, const _PTR))); diff --git a/newlib/libc/stdio/mktemp.c b/newlib/libc/stdio/mktemp.c index e00228e15..c4347cd05 100644 --- a/newlib/libc/stdio/mktemp.c +++ b/newlib/libc/stdio/mktemp.c @@ -85,6 +85,13 @@ unless it could not generate an unused filename, or the pattern you provided is not suitable for a filename; in that case, it returns <<-1>>. +NOTES +Never use <<mktemp>>. The generated filenames are easy to guess and +there's a race between the test if the file exists and the creation +of the file. In combination this makes <<mktemp>> prone to attacks +and using it is a security risk. Whenever possible use <<mkstemp>> +instead. It doesn't suffer the race condition. + PORTABILITY ANSI C does not require either <<mktemp>> or <<mkstemp>>; the System V Interface Definition requires <<mktemp>> as of Issue 2. |