commit: a6a28b9c714d8e964ab94a7039b82a346c73f8b8
parent 19fa609e5fe79fcc4bf9da25083ea3e70a915021
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sat, 8 Mar 2025 05:59:34 +0100
cmd/mktemp: treat newline as invalid in template for -u
For safe generation, assume libc treats newline as invalid.
Diffstat:
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/cmd/mktemp.c b/cmd/mktemp.c
@@ -39,6 +39,15 @@ unsafe_mktemp(char *template)
return 1;
}
+ for(size_t i = 0; i < l; i++)
+ {
+ if(template[i] == '\n')
+ {
+ fprintf(stderr, "%s: error: Invalid character (newline) in template\n", argv0);
+ return 1;
+ }
+ }
+
for(int retries = 100; 0 < retries; retries--)
{
unsigned long r = 0;
diff --git a/test-cmd/mktemp.sh b/test-cmd/mktemp.sh
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: MPL-2.0
target="$(dirname "$0")/../cmd/mktemp"
-plans=12
+plans=14
. "$(dirname "$0")/tap.sh"
t_mktemp()
@@ -90,5 +90,12 @@ cmd_mktemp_u() {
}
t_cmd unsafe:file '' cmd_mktemp_u -u
t_cmd unsafe:file_template '' cmd_mktemp_u -u template.XXXXXX
+t_args --exit=1 unsafe:file_template_line 'mktemp: error: Invalid character (newline) in template
+' -u 'template
+XXXXXX'
+
t_cmd unsafe:dir '' cmd_mktemp_u -u -d
t_cmd unsafe:dir_template '' cmd_mktemp_u -u -d template.XXXXXX
+t_args --exit=1 unsafe:dir_template_line 'mktemp: error: Invalid character (newline) in template
+' -u -d 'template
+XXXXXX'
