[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: lib/40693: _gettemp() flawed
The following reply was made to PR lib/40693; it has been noted by GNATS.
From: Alan Barrett <apb%cequrux.com@localhost>
Subject: Re: lib/40693: _gettemp() flawed
Date: Thu, 19 Feb 2009 21:07:07 +0200
On Thu, 19 Feb 2009, persgray%gmail.com@localhost wrote:
> After fixing out-of-bounds access in OpenBSD's version of this
> function, I looked at NetBSD's one. As far as I can see, current
> implementation of _gettemp() in libc (core function for mk*temp(3)) is
> flawed by many ways:
> - It produces highly predictable (i.e. insecure) values;
> - It may (should) cause SIGSEGV when path (template) provided has zero
> - Maybe more.
I am not sure that the "highly predictable values" is a real problem,
except for callers who use the deprecated mktemp(3) interface. Users
of the mkstemp(3) and mkdtemp(3) inetrfaces should get the advertised
I do see a problem when strlen(path) = 0 (it tries to access path[-1]).
> I recommend to replace it via OpenBSD's _gettemp() implementation:
That implementation calls strlen(path) without verifying that path != NULL.
--apb (Alan Barrett)
Main Index |
Thread Index |