From 5c112f1b62b6fca7348c64a004e9fc4cfdaca1ad Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Wed, 18 Jul 2018 21:04:12 +0000
Subject: Avoid insecure usage of tmpnam in tests.

Various glibc testcases use tmpnam in ways subject to race conditions
(generate a temporary file name, then later open that file without
O_EXCL).

This patch fixes those tests to use mkstemp - generally a minimal
local fix to use mkstemp instead of tmpnam, rather than a larger fix
to use other testsuite infrastructure for temporary files.  The
unchanged use of tmpnam in posix/wordexp-test.c would fail safe in the
event of a race (it's generating a name for use with mkdir rather than
for a file to be opened for writing).

Tested for x86_64.

	* grp/tst_fgetgrent.c: Include <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* io/test-utime.c (main): Likewise.
	* posix/annexc.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
	* posix/bug-getopt1.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt2.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt3.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt4.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* posix/bug-getopt5.c: Include <stdlib.h>.
	(do_test): Use mkstemp instead of tmpnam.
	* stdio-common/bug7.c: Include <stdlib.h> and <unistd.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-fdopen.c: Include <stdlib.h>.
	(main): Use mkstemp instead of tmpnam.
	* stdio-common/tst-ungetc.c: Include <stdlib.h>.
	(main): use mkstemp instead of tmpnam.
	* stdlib/isomac.c (macrofile): Change to modifiable array.
	(get_null_defines): Use mkstemp instead of tmpnam.  Do not remove
	macrofile here.
---
 stdlib/isomac.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'stdlib')

diff --git a/stdlib/isomac.c b/stdlib/isomac.c
index 8abf93185b..0873eaa505 100644
--- a/stdlib/isomac.c
+++ b/stdlib/isomac.c
@@ -77,7 +77,7 @@
 
 #define HEADER_MAX          256
 
-static const char *macrofile;
+static char macrofile[] = "/tmp/isomac.XXXXXX";
 
 /* ISO C header names including Amendment 1 (without ".h" suffix).  */
 static char *header[] =
@@ -219,6 +219,8 @@ main (int argc, char *argv[])
       result |= check_header (file_name, ignore_list);
     }
 
+  remove (macrofile);
+
   /* The test suite should return errors but for now this is not
      practical.  Give a warning and ask the user to correct the bugs.  */
   return result;
@@ -249,7 +251,13 @@ get_null_defines (void)
   FILE *input;
   int first = 1;
 
-  macrofile = tmpnam (NULL);
+  int fd = mkstemp (macrofile);
+  if (fd == -1)
+    {
+      printf ("mkstemp failed: %m\n");
+      exit (1);
+    }
+  close (fd);
 
   command = malloc (sizeof fmt + sizeof "/dev/null" + 2 * strlen (CC)
 		    + strlen (INC) + strlen (macrofile));
@@ -330,7 +338,6 @@ get_null_defines (void)
     }
   result[result_len] = NULL;
   fclose (input);
-  remove (macrofile);
 
   return (const char **) result;
 }
@@ -439,7 +446,6 @@ check_header (const char *file_name, const char **except)
 	}
     }
   fclose (input);
-  remove (macrofile);
 
   return result;
 }
-- 
cgit v1.2.3