Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 1fd28131cea7a322dd3ac8f0a449ba44a893f519 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason <[email protected]>
>Date: Tue, 23 Feb 2021 20:42:59 +0000
>Subject: [PATCH] nntp.c: fix use of mkstemp()

nntp.c: fix use of mkstemp()

Signed-off-by: Bjarni Ingi Gislason <[email protected]>
---
 nntp.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/nntp.c b/nntp.c
index 0466bdf..ccd02da 100644
--- a/nntp.c
+++ b/nntp.c
@@ -996,11 +996,15 @@ nntp_get_active(void)
     if (!is_connected && connect_server() < 0)
        return -1;
 
-    new_name = mkstemp(relative(db_directory, ".actXXXXXX"));
+/*    new_name = mkstemp(relative(db_directory, ".actXXXXXX")); */
+    new_name = relative(db_directory, ".actXXXXXX");
 
     switch (n = ask_server("LIST")) {
        case OK_GROUPS:
-           new = open_file(new_name, OPEN_CREATE_RW | MUST_EXIST);
+/*         new = open_file(new_name, OPEN_CREATE_RW | MUST_EXIST); */
+           fd = mkstemp(new_name); /* new_name changed to actual name*/
+           new = fdopen(fd, r+);
+
            if (copy_text(new) == 0) {
                if (fflush(new) != EOF)
                    break;
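Review bot: `new = fdopen(fd, r+);` in the OK_GROUPS case will not compile because the mode is not a string literal; it should read `new = fdopen(fd, "r+");`, as the nntp_get_newsgroups hunk does. The return value of `mkstemp(new_name)` is also passed to fdopen() unchecked, so a failed creation reaches `copy_text(new)` with what is presumably a NULL stream, whereas the replaced open_file() call carried MUST_EXIST. Test `fd == -1` and `new == NULL` before use, and close fd and unlink new_name if fdopen() fails. No declaration of `fd` is visible in this hunk, so confirm that nntp_get_active declares it; the function body starts and ends outside the hunk.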
@@ -1051,12 +1055,20 @@ nntp_get_newsgroups(void)
 {
     char           *new_name;
     FILE           *new;
-    int             n;
+    int             fd, n;
+
+/* Make a more secure temporary file than with "mktemp"
+  Have to add unlink function
+*/
+    new_name = relative(tmp_directory, "nngrXXXXXX");
+    fd = mkstemp(new_name);
 
-    new_name = mkstemp(relative(tmp_directory, "nngrXXXXXX"));
-    new = open_file(new_name, OPEN_CREATE_RW | OPEN_UNLINK);
-    if (new == NULL)
+    if (fd == -1) {
        return NULL;
+    }
+
+    new = fdopen(fd, "r+");
+    unlink(new_name);
 
     if (!is_connected && connect_server() < 0)
        goto err;
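Review bot: The stream returned by `fdopen(fd, "r+")` is never checked, although the removed code returned NULL when `new == NULL`; if fdopen() fails, the descriptor leaks and the code that follows works on a NULL FILE pointer. Add `if (new == NULL) { close(fd); unlink(new_name); return NULL; }` directly after the fdopen() call, so the temporary file is not left behind in tmp_directory on that path. The block comment still reads as a to-do ("Have to add unlink function") even though `unlink(new_name)` is now present; it would be clearer as `/* mkstemp() creates and opens the file atomically; unlink it at once so only this stream can reach it */`. The `err` label and the rest of nntp_get_newsgroups lie outside the hunk, so whether that path closes `new` cannot be confirmed from here.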
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason
