From bc93b624897f79c0ca68c3cea0f3781881f628e7 Mon Sep 17 00:00:00 2001
From: Klas Lindfors <klas@yubico.com>
Date: Mon, 14 Sep 2015 10:24:05 +0200
Subject: [PATCH] use mkstemp() to get the tempfile instead

unfortunately means we have to fchmod() it afterwards to be sure
---
 pam_yubico.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pam_yubico.c b/pam_yubico.c
index 18313eb..0186900 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -92,6 +92,8 @@
 #define MAX_TOKEN_ID_LEN 16u
 #define DEFAULT_TOKEN_ID_LEN 12u
 
+#define TMPFILE_SUFFIX ".XXXXXX"
+
 enum key_mode {
   CHRESP,
   CLIENT
@@ -596,18 +598,23 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   }
 
   /* Write out the new file */
-  tmpfile = malloc(strlen(userfile) + 1 + 4);
+  tmpfile = malloc(strlen(userfile) + 1 + strlen(TMPFILE_SUFFIX));
   if (! tmpfile)
     goto restpriv_out;
   strcpy(tmpfile, userfile);
-  strcat(tmpfile, ".tmp");
+  strcat(tmpfile, TMPFILE_SUFFIX);
 
-  fd = open(tmpfile, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+  fd = mkstemp(tmpfile);
   if (fd < 0) {
       DBG (("Cannot open file: %s (%s)", tmpfile, strerror(errno)));
       goto restpriv_out;
   }
 
+  if (! fchmod (fd, S_IRUSR | S_IWUSR)) {
+      DBG (("could not set correct file permissions"));
+      goto restpriv_out;
+  }
+
   f = fdopen(fd, "w");
   if (! f) {
     close(fd);