Use mkdtemp() to make temp directories. If there is no mkdtemp(), provide

one.

3 files changed, 91 insertions, 26 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 94d34c13e..0e5e9204c 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2001-12-20  David Shaw  <[email protected]>
+
+	* keyserver.c (keyserver_spawn): Use mkdtemp() to make temp
+	directory.
+
+	* mkdtemp.c: replacement function for those platforms that don't
+	have mkdtemp (make a temp directory securely).
+
 2001-12-19  David Shaw  <[email protected]>
 
 	* misc.c (check_permissions): New function to stat() and ensure
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 908f510b5..89f2c68ad 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -41,6 +41,10 @@
 #include "main.h"
 #include "hkp.h"
 
+#ifndef HAVE_MKDTEMP
+char *mkdtemp(char *template);
+#endif
+
 #if !(defined(HAVE_FORK) && defined(HAVE_PIPE))
 #define KEYSERVER_TEMPFILE_ONLY
 #endif
@@ -296,39 +300,20 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count)
 
   if(opt.keyserver_options.use_temp_files)
     {
-      int attempts;
       const char *tmp=get_temp_dir();
-      byte *randombits;
-
-      tempdir=m_alloc(strlen(tmp)+1+12+1);
-
-      /* Try 4 times to make the temp directory */
-      for(attempts=0;attempts<4;attempts++)
-	{
-	  /* Using really random bits is probably overkill here.  The
-	     worst thing that can happen with a directory name collision
-	     is that the user will get an error message. */
-	  randombits=get_random_bits(8*4,0,0);
-
-	  sprintf(tempdir,"%s" DIRSEP_S "gpg-%02X%02X%02X%02X",tmp,
-		  randombits[0],randombits[1],randombits[2],randombits[3]);
 
-	  m_free(randombits);
+      tempdir=m_alloc(strlen(tmp)+1+10+1);
+      sprintf(tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
 
-	  if(mkdir(tempdir,0700)==0)
-	    {
-	      madedir=1;
-	      break;
-	    }
-	}
-
-      if(!madedir)
+      if(mkdtemp(tempdir)==NULL)
 	{
-	  log_error(_("%s: can't create temp directory after %d tries: %s\n"),
-		    tempdir,attempts,strerror(errno));
+	  log_error(_("%s: can't create temp directory: %s\n"),
+		    tempdir,strerror(errno));
 	  goto fail;
 	}
 
+      madedir=1;
+
       tempfile_in=m_alloc(strlen(tempdir)+1+10+1);
       sprintf(tempfile_in,"%s" DIRSEP_S "ksrvin" EXTSEP_S "txt",tempdir);
 
diff --git a/g10/mkdtemp.c b/g10/mkdtemp.c
new file mode 100644
index 000000000..6a159c02b
--- /dev/null
+++ b/g10/mkdtemp.c
@@ -0,0 +1,72 @@
+/* This is a replacement function for mkdtemp in case the platform
+   we're building on (like mine!) doesn't have it. */
+
+#include <config.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include "types.h"
+#include "cipher.h"
+
+char *mkdtemp(char *template)
+{
+  int attempts,index,count=0;
+  byte *ch;
+
+  index=strlen(template);
+  ch=&template[index-1];
+
+  /* Walk backwards to count all the Xes */
+  while(*ch=='X' && count<index)
+    {
+      count++;
+      ch--;
+    }
+
+  ch++;
+
+  if(count==0)
+    {
+      errno=EINVAL;
+      return NULL;
+    }
+
+  /* Try 4 times to make the temp directory */
+  for(attempts=0;attempts<4;attempts++)
+    {
+      int index=0,remaining=count;
+      char *marker=ch;
+      byte *randombits;
+
+      /* Using really random bits is probably overkill here.  The
+	 worst thing that can happen with a directory name collision
+	 is that the function will return an error. */
+
+      randombits=get_random_bits(4*remaining,0,0);
+
+      while(remaining>1)
+	{
+	  sprintf(marker,"%02X",randombits[index++]);
+	  marker+=2;
+	  remaining-=2;
+	}
+
+      /* Any leftover Xes?  get_random_bits rounds up to full bytes,
+         so this is safe. */
+      if(remaining>0)
+	sprintf(marker,"%X",randombits[index]&0xF);
+
+      m_free(randombits);
+
+      if(mkdir(template,0700)==0)
+	break;
+    }
+
+  if(attempts==4)
+    return NULL; /* keeps the errno from mkdir, whatever it is */
+
+  return template;
+}