[src/netbsd-1-4]: src/bin/csh Pull up revisions 1.15-1.16 (requested by chris...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/475353645de4
branches:  netbsd-1-4
changeset: 471203:475353645de4
user:      he <he%NetBSD.org@localhost>
date:      Sat Nov 04 18:32:47 2000 +0000

description:
Pull up revisions 1.15-1.16 (requested by christos):
  Avoid overwriting existing files when creating files used
  for ``here'' documents, thereby closing a security hole.

diffstat:

 bin/csh/dol.c |  17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

diffs (41 lines):

diff -r 6dbeaa35b9d5 -r 475353645de4 bin/csh/dol.c
--- a/bin/csh/dol.c     Tue Oct 31 15:00:39 2000 +0000
+++ b/bin/csh/dol.c     Sat Nov 04 18:32:47 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dol.c,v 1.13 1998/08/19 01:31:46 thorpej Exp $ */
+/*     $NetBSD: dol.c,v 1.13.2.1 2000/11/04 18:32:47 he Exp $  */
 
 /*-
  * Copyright (c) 1980, 1991, 1993
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)dol.c      8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: dol.c,v 1.13 1998/08/19 01:31:46 thorpej Exp $");
+__RCSID("$NetBSD: dol.c,v 1.13.2.1 2000/11/04 18:32:47 he Exp $");
 #endif
 #endif /* not lint */
 
@@ -853,10 +853,21 @@
     Char  **vp;
     bool    quoted;
     char   *tmp;
+    struct timeval tv;
 
+again:
     tmp = short2str(shtemp);
-    if (open(tmp, O_RDWR | O_CREAT | O_TRUNC, 0600) < 0)
+    if (open(tmp, O_RDWR | O_CREAT | O_TRUNC | O_EXCL, 0600) < 0) {
+       if (errno == EEXIST) {
+           if (unlink(tmp) == -1) {
+               (void) gettimeofday(&tv, NULL);
+               shtemp = Strspl(STRtmpsh, putn((((int)tv.tv_sec) ^ 
+                   ((int)tv.tv_usec) ^ ((int)getpid())) & 0x00ffffff));
+           }
+           goto again;
+       }
        stderror(ERR_SYSTEM, tmp, strerror(errno));
+    }
     (void) unlink(tmp);                /* 0 0 inode! */
     Dv[0] = term;
     Dv[1] = NULL;