NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: lib/40693: _gettemp() flawed

The following reply was made to PR lib/40693; it has been noted by GNATS.

From: Alan Barrett <>
Subject: Re: lib/40693: _gettemp() flawed
Date: Thu, 19 Feb 2009 21:07:07 +0200

 On Thu, 19 Feb 2009, wrote:
 > After fixing out-of-bounds access in OpenBSD's version of this
 > function, I looked at NetBSD's one. As far as I can see, current
 > implementation of _gettemp() in libc (core function for mk*temp(3)) is
 > flawed by many ways:
 > - It produces highly predictable (i.e. insecure) values;
 > - It may (should) cause SIGSEGV when path (template) provided has zero
 >   length;
 > - Maybe more.
 I am not sure that the "highly predictable values" is a real problem,
 except for callers who use the deprecated mktemp(3) interface.  Users
 of the mkstemp(3) and mkdtemp(3) inetrfaces should get the advertised
 uniqueness guarantees.
 I do see a problem when strlen(path) = 0 (it tries to access path[-1]).
 > I recommend to replace it via OpenBSD's _gettemp() implementation:
 That implementation calls strlen(path) without verifying that path != NULL.
 --apb (Alan Barrett)

Home | Main Index | Thread Index | Old Index