Make call to open a temporary file name safe during NZF creation (#38331)

Based on a patch sent in by Tony Finch <dot@dotat.at>. Also fix win32 implementation of isc_file_openunique() to use a random filename instead of using the process id.
2025-08-30 14:07:59 +00:00 · 2015-01-16 18:28:35 +05:30 · 2015-01-16 18:28:35 +05:30 · b05a50c852
commit b05a50c852
parent f91c369b4a
4 changed files with 17 additions and 8 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+4036.	[bug]		Make call to open a temporary file name safe during
+			NZF creation. [RT #38331]
+
 4035.	[bug]		Close temporary and NZF FILE pointers before moving
 			the former into the latter's place, as required on
 			Windows. [RT #38332]
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -9197,7 +9197,7 @@ nzf_remove(const char *nzfile, const char *viewname, const char *zonename) {

 		/* Create a temporary file */
 		CHECK(isc_file_template("", "nzf-XXXXXXXX", tmp, sizeof(tmp)));
-		CHECK(isc_stdio_open(tmp, "w", &ofp));
+		CHECK(isc_file_openunique(tmp, &ofp));
 		CHECK(add_comment(ofp, viewname));

 		/* Look for the entry for that zone */
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@ -256,14 +256,13 @@ isc_file_template(const char *path, const char *templet, char *buf,
 	return (ISC_R_SUCCESS);
 }

-static char alphnum[] =
+static const char alphnum[] =
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

 isc_result_t
 isc_file_renameunique(const char *file, char *templet) {
 	char *x;
 	char *cp;
-	isc_uint32_t which;

 	REQUIRE(file != NULL);
 	REQUIRE(templet != NULL);
@ -276,6 +275,8 @@ isc_file_renameunique(const char *file, char *templet) {

 	x = cp--;
 	while (cp >= templet && *cp == 'X') {
+		isc_uint32_t which;
+
 		isc_random_get(&which);
 		*cp = alphnum[which % (sizeof(alphnum) - 1)];
 		x = cp--;
@ -321,7 +322,6 @@ isc_file_openuniquemode(char *templet, int mode, FILE **fp) {
 	isc_result_t result = ISC_R_SUCCESS;
 	char *x;
 	char *cp;
-	isc_uint32_t which;

 	REQUIRE(templet != NULL);
 	REQUIRE(fp != NULL && *fp == NULL);
@ -334,6 +334,8 @@ isc_file_openuniquemode(char *templet, int mode, FILE **fp) {

 	x = cp--;
 	while (cp >= templet && *cp == 'X') {
+		isc_uint32_t which;
+
 		isc_random_get(&which);
 		*cp = alphnum[which % (sizeof(alphnum) - 1)];
 		x = cp--;
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@ -33,6 +33,7 @@
 #include <isc/file.h>
 #include <isc/mem.h>
 #include <isc/print.h>
+#include <isc/random.h>
 #include <isc/result.h>
 #include <isc/sha2.h>
 #include <isc/stat.h>
@ -42,6 +43,9 @@

 #include "errno2result.h"

+static const char alphnum[] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
 /*
 * Emulate UNIX mkstemp, which returns an open FD to the new file
 *
@ -50,7 +54,6 @@ static int
 gettemp(char *path, isc_boolean_t binary, int *doopen) {
 	char *start, *trv;
 	struct stat sbuf;
-	int pid;
 	int flags = O_CREAT|O_EXCL|O_RDWR;

 	if (binary)
@ -58,11 +61,12 @@ gettemp(char *path, isc_boolean_t binary, int *doopen) {

 	trv = strrchr(path, 'X');
 	trv++;
-	pid = getpid();
 	/* extra X's get set to 0's */
 	while (*--trv == 'X') {
-		*trv = (pid % 10) + '0';
-		pid /= 10;
+		isc_uint32_t which;
+
+		isc_random_get(&which);
+		*trv = alphnum[which % (sizeof(alphnum) - 1)];
 	}
 	/*
 	 * check the target directory; if you have six X's and it