1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
diff --git c/lib/tempname.c i/lib/tempname.c
index 2da5afe..562955a 100644
--- c/lib/tempname.c
+++ i/lib/tempname.c
@@ -22,6 +22,7 @@
#if !_LIBC
# include <config.h>
# include "tempname.h"
+# include "randint.h"
#endif
#include <sys/types.h>
@@ -49,6 +50,7 @@
# error report this to bug-gnulib@gnu.org
#endif
+#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
@@ -179,14 +181,21 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
}
#endif /* _LIBC */
+static inline bool _GL_ATTRIBUTE_PURE
+check_x_suffix (char const *s, size_t len)
+{
+ return len <= strspn (s, "X");
+}
+
/* These are the characters used in temporary file names. */
static const char letters[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
/* Generate a temporary file name based on TMPL. TMPL must match the
- rules for mk[s]temp (i.e. end in "XXXXXX", possibly with a suffix).
+ rules for mk[s]temp (i.e. end in at least X_SUFFIX_LEN "X"s,
+ possibly with a suffix).
The name constructed does not exist at the time of the call to
- __gen_tempname. TMPL is overwritten with the result.
+ this function. TMPL is overwritten with the result.
KIND may be one of:
__GT_NOCREATE: simply verify that the name does not exist
@@ -197,23 +206,24 @@ static const char letters[] =
We use a clever algorithm to get hard-to-predict names. */
int
-__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+gen_tempname_len (char *tmpl, int suffixlen, int flags, int kind,
+ size_t x_suffix_len)
{
- int len;
+ size_t len;
char *XXXXXX;
- static uint64_t value;
- uint64_t random_time_bits;
unsigned int count;
int fd = -1;
int save_errno = errno;
struct_stat64 st;
+ struct randint_source *rand_src;
/* A lower bound on the number of temporary files to attempt to
generate. The maximum total number of temporary file names that
can exist for a given template is 62**6. It should never be
necessary to try all these combinations. Instead if a reasonable
number of names is tried (we define reasonable as 62**3) fail to
- give the system administrator the chance to remove the problems. */
+ give the system administrator the chance to remove the problems.
+ This value requires that X_SUFFIX_LEN be at least 3. */
#define ATTEMPTS_MIN (62 * 62 * 62)
/* The number of times to attempt to generate a temporary file. To
@@ -225,43 +235,28 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
#endif
len = strlen (tmpl);
- if (len < 6 + suffixlen || memcmp (&tmpl[len - 6 - suffixlen], "XXXXXX", 6))
+ if (len < x_suffix_len + suffixlen
+ || ! check_x_suffix (&tmpl[len - x_suffix_len - suffixlen],
+ x_suffix_len))
{
__set_errno (EINVAL);
return -1;
}
/* This is where the Xs start. */
- XXXXXX = &tmpl[len - 6 - suffixlen];
+ XXXXXX = &tmpl[len - x_suffix_len - suffixlen];
/* Get some more or less random data. */
-#ifdef RANDOM_BITS
- RANDOM_BITS (random_time_bits);
-#else
- {
- struct timeval tv;
- __gettimeofday (&tv, NULL);
- random_time_bits = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec;
- }
-#endif
- value += random_time_bits ^ __getpid ();
+ rand_src = randint_all_new (NULL, 8);
+ if (! rand_src)
+ return -1;
- for (count = 0; count < attempts; value += 7777, ++count)
+ for (count = 0; count < attempts; ++count)
{
- uint64_t v = value;
-
- /* Fill in the random bits. */
- XXXXXX[0] = letters[v % 62];
- v /= 62;
- XXXXXX[1] = letters[v % 62];
- v /= 62;
- XXXXXX[2] = letters[v % 62];
- v /= 62;
- XXXXXX[3] = letters[v % 62];
- v /= 62;
- XXXXXX[4] = letters[v % 62];
- v /= 62;
- XXXXXX[5] = letters[v % 62];
+ size_t i;
+
+ for (i = 0; i < x_suffix_len; i++)
+ XXXXXX[i] = letters[randint_genmax (rand_src, sizeof letters - 2)];
switch (kind)
{
@@ -276,7 +271,7 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
break;
case __GT_NOCREATE:
- /* This case is backward from the other three. __gen_tempname
+ /* This case is backward from the other three. This function
succeeds if __xstat fails because the name does not exist.
Note the continue to bypass the common logic at the bottom
of the loop. */
@@ -285,11 +280,15 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
if (errno == ENOENT)
{
__set_errno (save_errno);
- return 0;
+ fd = 0;
+ goto done;
}
else
- /* Give up now. */
- return -1;
+ {
+ /* Give up now. */
+ fd = -1;
+ goto done;
+ }
}
continue;
@@ -301,13 +300,32 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
if (fd >= 0)
{
__set_errno (save_errno);
- return fd;
+ goto done;
}
else if (errno != EEXIST)
- return -1;
+ {
+ fd = -1;
+ goto done;
+ }
}
+ randint_all_free (rand_src);
+
/* We got out of the loop because we ran out of combinations to try. */
__set_errno (EEXIST);
return -1;
+
+ done:
+ {
+ int saved_errno = errno;
+ randint_all_free (rand_src);
+ __set_errno (saved_errno);
+ }
+ return fd;
+}
+
+int
+__gen_tempname (char *tmpl, int suffixlen, int flags, int kind)
+{
+ return gen_tempname_len (tmpl, suffixlen, flags, kind, 6);
}
|
