* libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations

to stdlib.h. * libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using. * libc/stdio/mktemp.c: Explain the security risk when using mktemp.
2009-03-14 12:14:08 +00:00 · 2009-03-14 12:14:08 +00:00 · 71675a3908
parent c7cf32ee27
commit 71675a3908
4 changed files with 18 additions and 3 deletions
--- a/newlib/ChangeLog
+++ b/newlib/ChangeLog
@ -1,3 +1,11 @@
+2009-03-14  Corinna Vinschen  <corinna@vinschen.de>
+
+	* libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations
+	to stdlib.h.
+	* libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using.
+	* libc/stdio/mktemp.c: Explain the security risk when using
+	mktemp.
+
 2009-03-12  Craig Howland <howland@LGSInnovations.com>

 	* libc/time/time.tex (wcsftime.def):  Include.
--- a/newlib/libc/include/stdio.h
+++ b/newlib/libc/include/stdio.h
@ -411,8 +411,6 @@ int	_EXFUN(_iprintf_r, (struct _reent *, const char *, ...)
               _ATTRIBUTE ((__format__ (__printf__, 2, 3))));
 int	_EXFUN(_iscanf_r, (struct _reent *, const char *, ...)
               _ATTRIBUTE ((__format__ (__scanf__, 2, 3))));
-int	_EXFUN(_mkstemp_r, (struct _reent *, char *));
-char *	_EXFUN(_mktemp_r, (struct _reent *, char *));
 FILE *	_EXFUN(_open_memstream_r, (struct _reent *, char **, size_t *));
 void	_EXFUN(_perror_r, (struct _reent *, const char *));
 int	_EXFUN(_printf_r, (struct _reent *, const char *, ...)
--- a/newlib/libc/include/stdlib.h
+++ b/newlib/libc/include/stdlib.h
@ -98,7 +98,9 @@ size_t	_EXFUN(_wcstombs_r,(struct _reent *, char *, const wchar_t *, size_t, _mb
 #ifndef __STRICT_ANSI__
 #ifndef _REENT_ONLY
 int     _EXFUN(mkstemp,(char *));
-char *  _EXFUN(mktemp,(char *));
+int	_EXFUN(_mkstemp_r, (struct _reent *, char *));
+char *  _EXFUN(mktemp,(char *) _ATTRIBUTE ((warning ("the use of `mktemp' is dangerous; use `mkstemp' instead"))));
+char *	_EXFUN(_mktemp_r, (struct _reent *, char *) _ATTRIBUTE ((warning ("the use of `mktemp' is dangerous; use `mkstemp' instead"))));
 #endif
 #endif
 _VOID	_EXFUN(qsort,(_PTR __base, size_t __nmemb, size_t __size, int(*_compar)(const _PTR, const _PTR)));
--- a/newlib/libc/stdio/mktemp.c
+++ b/newlib/libc/stdio/mktemp.c
@ -85,6 +85,13 @@ unless it could not generate an unused filename, or the pattern you
 provided is not suitable for a filename; in that case, it returns
 <<-1>>.

+NOTES
+Never use <<mktemp>>.  The generated filenames are easy to guess and
+there's a race between the test if the file exists and the creation
+of the file.  In combination this makes <<mktemp>> prone to attacks
+and using it is a security risk.  Whenever possible use <<mkstemp>>
+instead.  It doesn't suffer the race condition.
+
 PORTABILITY
 ANSI C does not require either <<mktemp>> or <<mkstemp>>; the System
 V Interface Definition requires <<mktemp>> as of Issue 2.