tmpfile security hole
Eric Blake
ebb9@byu.net
Wed May 16 20:38:00 GMT 2007
Jeff Johnston <jjohnstn <at> redhat.com> writes:
>
> Yes, thanks.
>
Done, with the additional fix to my patch that I just noticed:
> + while (fd < 0 && ptr->_errno == EEXIST);
> + if (fd < 0)
> return NULL;
> - fp = _fopen_r (ptr, f, "wb+");
> + fp = _fdopen_r (ptr, fd, "wb+");
> e = ptr->_errno;
Here, if fp is NULL, then fd needs to be closed.
> _CAST_VOID _remove_r (ptr, f);
> ptr->_errno = e;
--
Eric Blake
More information about the Newlib
mailing list