Age | Commit message (Collapse) | Author | Lines |
|
|
|
|
|
the access function cannot be used to check for existence, because it
operates using real uid/gid rather than effective to determine
accessibility; this matters for the non-final path components.
instead, use stat. failure of stat is success if only the final
component is missing (ENOENT) and otherwise is failure.
|
|
|
|
also refactor mkdtemp based on new shared temp code, removing
dependency on the deprecated mktemp, whose behavior made this logic
more difficult.
|
|
|
|
1. wrong return value and missing errno for negative suffix len
2. failure to catch suffix len > strlen
3. remove unwanted clearing of input string in invalid case
|
|
|
|
based on patch contributed by Anthony G. Basile (blueness)
some issues remain with the filename generation algorithm and other
small bugs, but this patch has been sitting around long enough that I
feel it's best to get it committed and then work out any remaining
issues.
|
|
|
|
this helps some tiny programs be even more tiny, and barly increases
code size even if both are used.
|
|
|
|
the historic mktemp is supposed to blank the template string on
failure, rather than returning 0. just zero the first character so
that mkstemp and mkdtemp can still retry with O(1) space requirement.
|
|
|
|
use current time in nanoseconds and some potentially-random (if aslr
is enabled) pointer values for the initial tempfile name generation,
and step via a cheap linear prng on collisions. limit the number of
retry attempts to prevent denial of service attacks even if an
attacker can guess the filenames.
|
|
this is cleaner and makes it easy to impose a limit on the number of
retries later if it seems desirable to do so.
|
|
|
|
|
|
|