[9977] in Kerberos-V5-bugs
[krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
daemon@ATHENA.MIT.EDU (Alexandra Ellwood via RT)
Mon Jun 30 22:25:57 2008
Date: Mon, 30 Jun 2008 16:11:22 -0400 (EDT)
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27220.0.850494440119292@krbdev.mit.edu>
Mail-Followup-To: rt@krbdev.mit.edu
To: (watchers of [krbdev.mit.edu #6002])
Mail-Copies-To: never
From: "Alexandra Ellwood via RT" <rt-comment@krbdev.MIT.EDU>
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
The following code in krb5_rc_io_creat() should be replaced with mkstemp():
if (asprintf(&d->fn, "%s%skrb5_RC%daaa",
dir, PATH_SEPARATOR, (int) UNIQUE) < 0) {
d->fn = NULL;
return KRB5_RC_IO_MALLOC;
}
c = d->fn + strlen(d->fn) - 3;
while ((d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC |
O_EXCL | O_BINARY, 0600)) == -1) {
if ((c[2]++) == 'z') {
c[2] = 'a';
if ((c[1]++) == 'z') {
c[1] = 'a';
if ((c[0]++) == 'z')
break; /* sigh */
}
}
}
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
