rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-31 16:52:19 +01:00
Code Issues Projects Releases Wiki Activity

use mkstemp() to get the tempfile instead

Browse Source 
unfortunately means we have to fchmod() it afterwards to be sure
This commit is contained in:
Klas Lindfors 2015-09-14 10:24:05 +02:00
parent ecafc6af84
commit bc93b62489
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pam_yubico.c
View File

@ -92,6 +92,8 @@
#define MAX_TOKEN_ID_LEN 16u
#define DEFAULT_TOKEN_ID_LEN 12u
#define TMPFILE_SUFFIX ".XXXXXX"
enum key_mode {
CHRESP,
CLIENT
@ -596,18 +598,23 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
}
/* Write out the new file */
tmpfile = malloc(strlen(userfile) + 1 + 4);
tmpfile = malloc(strlen(userfile) + 1 + strlen(TMPFILE_SUFFIX));
if (! tmpfile)
goto restpriv_out;
strcpy(tmpfile, userfile);
strcat(tmpfile, ".tmp");
strcat(tmpfile, TMPFILE_SUFFIX);
fd = open(tmpfile, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
fd = mkstemp(tmpfile);
if (fd < 0) {
DBG (("Cannot open file: %s (%s)", tmpfile, strerror(errno)));
goto restpriv_out;
}
if (! fchmod (fd, S_IRUSR | S_IWUSR)) {
DBG (("could not set correct file permissions"));
goto restpriv_out;
}
f = fdopen(fd, "w");
if (! f) {
close(fd);