Attachment 829632 Details for Bug 1031096 – [PATCH] Do not use already existing temporary files

[patch] [PATCH] Do not use already existing temporary files

-Do-not-use-already-existing-temporary-files.patch (text/plain), 1.43 KB, created by Petr Pisar on 2013-11-27 10:08:15 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Petr Pisar

Created: 2013-11-27 10:08:15 UTC

Size: 1.43 KB

patch

obsolete

>From 22abca21379b81e53b2e2a714db5edb77864f52d Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
>Date: Wed, 27 Nov 2013 10:58:07 +0100
>Subject: [PATCH] Do not use already existing temporary files
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>mirror() method tries to create a new temporary file as can be
>concluded by using random name.
>
>To prevent from from attacks, one has to make sure the file does not
>exist. This patch creates temporary files with O_CREAT|O_EXCL mode.
>
>Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com>
>---
> lib/HTTP/Tiny.pm | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
>index 5d494c0..cc2cc04 100644
>--- a/lib/HTTP/Tiny.pm
>+++ b/lib/HTTP/Tiny.pm
>@@ -6,6 +6,7 @@ use warnings;
> # VERSION
> 
> use Carp ();
>+use Fcntl ();
> 
> =method new
> 
>@@ -206,8 +207,8 @@ sub mirror {
>         $args->{headers}{'if-modified-since'} ||= $self->_http_date($mtime);
>     }
>     my $tempfile = $file . int(rand(2**31));
>-    open my $fh, ">", $tempfile
>-        or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
>+    sysopen my $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY
>+        or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
>     binmode $fh;
>     $args->{data_callback} = sub {
>         print {$fh} $_[0]
>-- 
>1.8.3.1
>

Actions: View | Diff

Attachments on bug 1031096: 829631 | 829632