From 4dbd6e9654752b3e4971e4cb69f2e09666f6b252 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Wed, 31 Oct 2012 08:13:47 -0600
Subject: [PATCH] build: prefer mkostemp for multi-thread safety

https://bugzilla.redhat.com/show_bug.cgi?id=871756

Commit cd1e8d1 assumed that systems new enough to have journald
also have mkostemp; but this is not true for uclibc.

For that matter, use of mkstemp[s] is unsafe in a multi-threaded
program.  We should prefer mkostemp[s] in the first place.

* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
mkstemp and mkstemps.
* cfg.mk (sc_prohibit_mkstemp): New syntax check.
* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemudDomainMemoryPeek): Likewise.
* src/secret/secret_driver.c (replaceFile): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
---
 bootstrap.conf             | 4 ++--
 cfg.mk                     | 6 ++++++
 src/qemu/qemu_driver.c     | 8 ++++----
 src/secret/secret_driver.c | 4 ++--
 src/vbox/vbox_tmpl.c       | 4 ++--
 tools/virsh.c              | 4 ++--
 6 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/bootstrap.conf b/bootstrap.conf
index 5d391fdadc..59dd2580f1 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -69,8 +69,8 @@ listen
 localeconv
 maintainer-makefile
 manywarnings
-mkstemp
-mkstemps
+mkostemp
+mkostemps
 mktempd
 net_if
 netdb
diff --git a/cfg.mk b/cfg.mk
index 50e6a50c69..cda04e418a 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -339,6 +339,12 @@ sc_prohibit_fork_wrappers:
 	halt='use virCommand for child processes'			\
 	  $(_sc_search_regexp)
 
+# Prefer mkostemp with O_CLOEXEC.
+sc_prohibit_mkstemp:
+	@prohibit='[^"]\<mkstemps? *\('					\
+	halt='use mkostemp with O_CLOEXEC instead of mkstemp'		\
+	  $(_sc_search_regexp)
+
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 8b5f06a896..267bbf175c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3485,8 +3485,8 @@ qemuDomainScreenshot(virDomainPtr dom,
         goto endjob;
     }
 
-    if ((tmp_fd = mkstemp(tmp)) == -1) {
-        virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+    if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
+        virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
         goto endjob;
     }
     unlink_tmp = true;
@@ -9230,9 +9230,9 @@ qemudDomainMemoryPeek (virDomainPtr dom,
     }
 
     /* Create a temporary filename. */
-    if ((fd = mkstemp (tmp)) == -1) {
+    if ((fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
         virReportSystemError(errno,
-                             _("mkstemp(\"%s\") failed"), tmp);
+                             _("mkostemp(\"%s\") failed"), tmp);
         goto endjob;
     }
 
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 9ce1e3360a..51e1e46485 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -171,9 +171,9 @@ replaceFile(const char *filename, void *data, size_t size)
         virReportOOMError();
         goto cleanup;
     }
-    fd = mkstemp (tmp_path);
+    fd = mkostemp(tmp_path, O_CLOEXEC);
     if (fd == -1) {
-        virReportSystemError(errno, _("mkstemp('%s') failed"), tmp_path);
+        virReportSystemError(errno, _("mkostemp('%s') failed"), tmp_path);
         goto cleanup;
     }
     if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 32a903e8fe..6f245daeba 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -9157,8 +9157,8 @@ vboxDomainScreenshot(virDomainPtr dom,
         return NULL;
     }
 
-    if ((tmp_fd = mkstemp(tmp)) == -1) {
-        virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+    if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
+        virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
         VIR_FREE(tmp);
         VBOX_RELEASE(machine);
         return NULL;
diff --git a/tools/virsh.c b/tools/virsh.c
index f0ec62537f..7bb7781af6 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -565,9 +565,9 @@ vshEditWriteToTempFile(vshControl *ctl, const char *doc)
         vshError(ctl, "%s", _("out of memory"));
         return NULL;
     }
-    fd = mkstemps(ret, 4);
+    fd = mkostemps(ret, 4, O_CLOEXEC);
     if (fd == -1) {
-        vshError(ctl, _("mkstemps: failed to create temporary file: %s"),
+        vshError(ctl, _("mkostemps: failed to create temporary file: %s"),
                  virStrerror(errno, ebuf, sizeof(ebuf)));
         VIR_FREE(ret);
         return NULL;