From a86e9fd6e1320fdd317b8cc604470afc8e709186 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Tue, 26 Apr 2016 11:19:27 +0200
Subject: cpp: Use mkstemps() to create unique temporary file

Use mkstemps() to safely create a unique temporary file instead of using
rand() to manually create a (potentially unsafe) temporary filename.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 cpp.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'cpp.c')

diff --git a/cpp.c b/cpp.c
index f6c15af..7739f0f 100644
--- a/cpp.c
+++ b/cpp.c
@@ -1,4 +1,5 @@
 #include <stdio.h>
+#include <stdlib.h>
 #include <libgen.h>
 
 #include "cpp.h"
@@ -21,12 +22,15 @@ int cpp_exec(char *in_file, char *out_file, size_t out_len, char *const argv[])
 	size_t argc = 7 + argv_len(argv);
 	char *tmp = xstrdup(in_file);
 	char **cpp_argv;
-	int ret = 0;
+	int fd, ret = -1;
 	char *base;
 	unsigned int i = 0;
 
 	base = basename(tmp);
-	slprintf(out_file, out_len, "/tmp/.tmp-%u-%s", rand(), base);
+	slprintf(out_file, out_len, "/tmp/.tmp-XXXXXX-%s", base);
+	fd = mkstemps(out_file, strlen(base) + 1);
+	if (fd < 0)
+		goto err;
 
 	cpp_argv = xmalloc(argc * sizeof(char *));
 
@@ -42,10 +46,11 @@ int cpp_exec(char *in_file, char *out_file, size_t out_len, char *const argv[])
 	cpp_argv[i++] = in_file;
 	cpp_argv[i++] = NULL;
 
-	if (proc_exec("cpp", cpp_argv))
-		ret = -1;
+	ret = proc_exec("cpp", cpp_argv);
+	close(fd);
 
 	xfree(cpp_argv);
+err:
 	xfree(tmp);
 	return ret;
 }
-- 
cgit v1.2.3-54-g00ecf