NetBSD-Bugs archive
Re: lib/40693: _gettemp() flawed
The following reply was made to PR lib/40693; it has been noted by GNATS.
From: Alan Barrett <apb%cequrux.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: lib/40693: _gettemp() flawed
Date: Thu, 19 Feb 2009 21:07:07 +0200
On Thu, 19 Feb 2009, persgray%gmail.com@localhost wrote:
> After fixing out-of-bounds access in OpenBSD's version of this
> function, I looked at NetBSD's one. As far as I can see, current
> implementation of _gettemp() in libc (core function for mk*temp(3)) is
> flawed in many ways:
>
> - It produces highly predictable (i.e. insecure) values;
> - It may (should) cause SIGSEGV when path (template) provided has zero
> length;
> - Maybe more.
I am not sure that the "highly predictable values" is a real problem,
except for callers who use the deprecated mktemp(3) interface. Users
of the mkstemp(3) and mkdtemp(3) interfaces should get the advertised
uniqueness guarantees.

I do see a problem when strlen(path) = 0 (it tries to access path[-1]).
> I recommend to replace it via OpenBSD's _gettemp() implementation:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/mktemp.c?rev=1.25
That implementation calls strlen(path) without verifying that path != NULL.
--apb (Alan Barrett)
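
The two checks discussed in this message (path != NULL before strlen(path), and no path[-1] access for a zero-length template), shown as an added example that is not part of the original message and is not NetBSD or OpenBSD source. The helper name template_suffix and the choice of EINVAL for rejected templates are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: count the trailing 'X' characters of a
 * mk*temp(3)-style template without reading outside the string.
 * Returns the count and stores the template length in *lenp.
 * Returns -1 with errno = EINVAL for a NULL or empty template.
 */
static int
template_suffix(const char *path, size_t *lenp)
{
	size_t len, i;

	if (path == NULL) {	/* must be checked before strlen(path) */
		errno = EINVAL;
		return -1;
	}
	len = strlen(path);
	if (len == 0) {		/* path[len - 1] would be path[-1] */
		errno = EINVAL;
		return -1;
	}
	/* Walk backwards with an unsigned index that stops at zero. */
	for (i = len; i > 0 && path[i - 1] == 'X'; i--)
		continue;
	if (lenp != NULL)
		*lenp = len;
	return (int)(len - i);
}

int
main(void)
{
	/* Constructed sample templates, including both edge cases. */
	const char *samples[] = { "/tmp/fooXXXXXX", "XXXX", "/tmp/foo", "", NULL };
	size_t i, len;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int n = template_suffix(samples[i], &len);
		printf("%s -> %d\n", samples[i] ? samples[i] : "(null)", n);
	}
	return 0;
}
```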