lynx-dev

Re: LYNX-DEV Re: ...vulnerability in Lynx - code


From: Jonathan Sergent
Subject: Re: LYNX-DEV Re: ...vulnerability in Lynx - code
Date: Sat, 10 May 1997 00:04:24 EST

 ] On Fri, 9 May 1997, Jonathan Sergent wrote:
 ] > In my opinion:
 ] > 
 ] > We want lynx to work as well (this includes "in a relatively secure
 ] > fashion") in as many environments as possible.  "We" do this by 
 ] > creating our temporary files with something like mkstemp.
 ] 
 ] Here is my attempt at it, as patches against official 2.7.1:
 ] 
 ]     <URL:http://sol.slcc.edu/lynx/klaus/temp/diffs-2.7.1--stemp.pch>
 ] 
 ]    (Visit <URL:http://sol.slcc.edu/lynx/klaus/temp/>, 
 ]     then D)ownload, not P)rint, for a usable diff)

...

Thanks.

Attached is a copy of mkstemp() from the GNU libc which I modified to 
support arbitrary extensions.  It probably doesn't work, though.  Call 
it with template == fooXXXXXX.html and n == 3, and it should replace 
the X's and create the temp file.  I didn't try to compile it and I'm
out of it so it probably won't work.  The includes will need the usual
ifdef'ing I suppose.  This at least makes you not need to do all of
the rename() business.  None of that would be needed at all if we could
get rid of the open / write / close / open / read / close business I 
suppose (but that isn't a problem if you have a "sticky" or a private
directory to write things to).  In any case some form of this helps 
machines with no mkstemp.  I can send you a copy of the original one
as well if you like.

If you're concerned about reading back the same file you wrote out, you
could fstat() the fd you know you wrote to, fstat() it before you read
it back in, and make sure they have the same inode number.  If they 
don't, you'd certainly want to complain rather than show the user a file 
they didn't ask to see.  Just an idea.

Sorry I keep suggesting these ideas without doing anything about them,
I really ought to be doing other things ...


--jss.

/* Copyright (C) 1991, 1992, 1996 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public License as
   published by the Free Software Foundation; either version 2 of the
   License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with the GNU C Library; see the file COPYING.LIB.  If not,
   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.  */

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

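/* Generate a unique temporary file name from TEMPLATE.
   The six characters of TEMPLATE starting at offset N must be "XXXXXX";
   they are replaced with a string that makes the filename unique, and
   anything after them (such as an extension) is left as it is.
   Returns a file descriptor open on the file for reading and writing.
   On systems whose <stdlib.h> already declares mkstemp(), this function
   needs a different name.  */
int
mkstemp (char *template, int n)
{
  static const char letters[]
    = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  char digits[6];
  size_t len;
  size_t i;

  len = strlen (template);
  /* strncmp, not strcmp: an extension may follow the X's.  */
  if (n < 0 || len < (size_t) n + 6
      || strncmp (&template[n], "XXXXXX", 6) != 0)
    {
      errno = EINVAL;
      return -1;
    }

  /* Format into a scratch buffer so that sprintf's terminating NUL
     does not overwrite the first character of the extension.  */
  if (sprintf (digits, "%.5u",
               (unsigned int) getpid () % 100000) != 5)
    /* Inconceivable lossage.  */
    return -1;
  memcpy (&template[n + 1], digits, 5);

  /* sizeof (letters) - 1: do not try the terminating NUL as a letter.  */
  for (i = 0; i < sizeof (letters) - 1; ++i)
    {
      int fd;

      template[n] = letters[i];

      /* O_EXCL makes open fail if the name already exists.  Mode 0600
         keeps the file private to its owner.  */
      fd = open (template, O_RDWR|O_CREAT|O_EXCL, 0600);
      if (fd >= 0)
        return fd;
    }

  /* We return the null string if we can't find a unique file name.  */
  template[0] = '\0';
  return -1;
}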


-- 
Jonathan Sergent / address@hidden / address@hidden