Sophie

Sophie

distrib > Mageia > 9 > armv7hl > media > core-release-src > by-pkgid > e9d12ec94b6dea4e33a5c866aef438dd > files > 6

mirrordir-0.10.49-32.mga9.src.rpm

Mitigate the insecurity of tmpname() by using O_EXCL on creat

Index: mirrordir-0.10.49/vfs/vfs.c
===================================================================
--- mirrordir-0.10.49/vfs/vfs.c
+++ mirrordir-0.10.49/vfs/vfs.c	2015-10-26 20:56:37.760041683 +0000
@@ -1421,7 +1421,7 @@
     if (fdin == -1)
         return NULL;
     tmp = tmpnam(NULL);
-    fdout = creat (tmp, S_IWUSR | S_IRUSR);
+    fdout = creat (tmp, S_IWUSR | S_IRUSR | O_EXCL);
     if (fdout == -1) {
         mc_close (fdin);
         return NULL;