From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 21 Feb 2013 03:58:46 +0000 (-0500)
Subject: fix error cases in mkostemps core
X-Git-Url: http://nsz.repo.hu/git/?p=musl;a=commitdiff_plain;h=8d2f8064aa3d2cc7380c447dfbd8929543f36f51

fix error cases in mkostemps core

1. wrong return value and missing errno for negative suffix len
2. failure to catch suffix len > strlen
3. remove unwanted clearing of input string in invalid case
---

diff --git a/src/temp/mkostemps.c b/src/temp/mkostemps.c
index 804a5475..d87d4b66 100644
--- a/src/temp/mkostemps.c
+++ b/src/temp/mkostemps.c
@@ -9,18 +9,15 @@ char *__randname(char *);
 
 int __mkostemps(char *template, int len, int flags)
 {
-	if (len < 0) return EINVAL;
-
-	size_t l = strlen(template)-len;
-	if (l < 6 || strncmp(template+l-6, "XXXXXX", 6)) {
+	size_t l = strlen(template);
+	if (l<6 || len>l-6 || strncmp(template+l-len-6, "XXXXXX", 6)) {
 		errno = EINVAL;
-		*template = 0;
 		return -1;
 	}
 
 	int fd, retries = 100;
 	while (retries--) {
-		__randname(template+l-6);
+		__randname(template+l-len-6);
 		if ((fd = open(template, flags | O_RDWR | O_CREAT | O_EXCL, 0600))>=0)
 			return fd;
 		if (errno != EEXIST) return -1;