[krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
Alexandra Ellwood via RT
rt-comment at krbdev.mit.edu
Mon Jun 30 16:11:22 EDT 2008
The following code in krb5_rc_io_creat() should be replaced with mkstemp():
if (asprintf(&d->fn, "%s%skrb5_RC%daaa",
dir, PATH_SEPARATOR, (int) UNIQUE) < 0) {
d->fn = NULL;
return KRB5_RC_IO_MALLOC;
}
c = d->fn + strlen(d->fn) - 3;
while ((d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC |
O_EXCL | O_BINARY, 0600)) == -1) {
if ((c[2]++) == 'z') {
c[2] = 'a';
if ((c[1]++) == 'z') {
c[1] = 'a';
if ((c[0]++) == 'z')
break; /* sigh */
}
}
}
More information about the krb5-bugs
mailing list