This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: tmpfile security hole

From: Eric Blake <ebb9 at byu dot net>
To: newlib at sources dot redhat dot com
Date: Wed, 16 May 2007 20:06:06 +0000 (UTC)
Subject: Re: tmpfile security hole
References: <loom.20070516T194337-320@post.gmane.org> <464B5F30.6040003@redhat.com>

Jeff Johnston <jjohnstn <at> redhat.com> writes:

> 
> Yes, thanks.
> 

Done, with the additional fix to my patch that I just noticed:

> +  while (fd < 0 && ptr->_errno == EEXIST);
> +  if (fd < 0)
>      return NULL;
> -  fp = _fopen_r (ptr, f, "wb+");
> +  fp = _fdopen_r (ptr, fd, "wb+");
>    e = ptr->_errno;

Here, if fp is NULL, then fd needs to be closed.

>    _CAST_VOID _remove_r (ptr, f);
>    ptr->_errno = e;

-- 
Eric Blake

References:
- tmpfile security hole
  - From: Eric Blake
- Re: tmpfile security hole
  - From: Jeff Johnston

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]