diff options
| author | Junio C Hamano <gitster@pobox.com> | 2025-12-16 11:08:34 +0900 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2025-12-16 11:08:35 +0900 |
| commit | 91bfbf49b6566d2b412d12240336027e351a631c (patch) | |
| tree | fb6f10e6d9e0565d3d3dfe83e10652c4325239b6 /wrapper.c | |
| parent | 72154ce4147e971b59e10d79648b114481703607 (diff) | |
| parent | 10bba537c4c23e713af05be700748c6a3c25bf68 (diff) | |
| download | git-91bfbf49b6566d2b412d12240336027e351a631c.tar.gz | |
Merge branch 'rs/ban-mktemp'
Rewrite the only use of "mktemp()" that is subject to TOCTOU race
and Stop using the insecure "mktemp()" function.
* rs/ban-mktemp:
compat: remove gitmkdtemp()
banned.h: ban mktemp(3)
compat: remove mingw_mktemp()
compat: use git_mkdtemp()
wrapper: add git_mkdtemp()
Diffstat (limited to 'wrapper.c')
| -rw-r--r-- | wrapper.c | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -429,7 +429,11 @@ int xmkstemp(char *filename_template) #undef TMP_MAX #define TMP_MAX 16384 -int git_mkstemps_mode(char *pattern, int suffix_len, int mode) +/* + * Returns -1 on error, 0 if it created a directory, or an open file + * descriptor to the created regular file. + */ +static int git_mkdstemps_mode(char *pattern, int suffix_len, int mode, bool dir) { static const char letters[] = "abcdefghijklmnopqrstuvwxyz" @@ -471,7 +475,10 @@ int git_mkstemps_mode(char *pattern, int suffix_len, int mode) v /= num_letters; } - fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode); + if (dir) + fd = mkdir(pattern, mode); + else + fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode); if (fd >= 0) return fd; /* @@ -486,6 +493,16 @@ int git_mkstemps_mode(char *pattern, int suffix_len, int mode) return -1; } +char *git_mkdtemp(char *pattern) +{ + return git_mkdstemps_mode(pattern, 0, 0700, true) ? NULL : pattern; +} + +int git_mkstemps_mode(char *pattern, int suffix_len, int mode) +{ + return git_mkdstemps_mode(pattern, suffix_len, mode, false); +} + int git_mkstemp_mode(char *pattern, int mode) { /* mkstemp is just mkstemps with no suffix */ |