-rw-r--r--ChangeLog25
-rw-r--r--ChangeLogs/ChangeLog-02a25
-rw-r--r--ChangeLogs/ChangeLog-03a25
-rw-r--r--ace/FILE_Connector.cpp40
-rw-r--r--ace/FILE_Connector.h4
-rw-r--r--ace/OS.h1
-rw-r--r--ace/OS.i8
-rw-r--r--ace/config-vxworks5.x.h1
-rw-r--r--ace/config-win32-common.h1
9 files changed, 121 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index ef32a0b21a8..cba70df3e50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,28 @@
+Sun Jul 08 11:26:23 2001 Ossama Othman <ossama@uci.edu>
+
+ * ace/OS.h (mkstemp):
+ * ace/OS.i (mkstemp):
+
+ New mkstemp() wrapper. It is assumed to be available on the
+ given platform, unless ACE_LACKS_MKSTEMP is defined.
+
+ * ace/FILE_Connector.h:
+
+ Added O_EXCL to the default flags. This is a security hole
+ fix.
+
+ * ace/FILE_Connector.cpp (connect):
+
+ If mkstemp() is available, then use it to create a temporary
+ file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is
+ susceptible to a denial-of-service attack.
+
+ * ace/config-win32-common.h:
+ * ace/config-vxworks5.x.h:
+
+ mkstemp() is not supported on MS Windows and VxWorks. Define
+ ACE_LACKS_MKSTEMP in these headers.
+
Sun Jul 8 08:13:12 2001 Douglas C. Schmidt <schmidt@tango.doc.wustl.edu>
* ace/Select_Reactor_Base.h: Added a comment explaining what
diff --git a/ChangeLogs/ChangeLog-02a b/ChangeLogs/ChangeLog-02a
index ef32a0b21a8..cba70df3e50 100644
--- a/ChangeLogs/ChangeLog-02a
+++ b/ChangeLogs/ChangeLog-02a
@@ -1,3 +1,28 @@
+Sun Jul 08 11:26:23 2001 Ossama Othman <ossama@uci.edu>
+
+ * ace/OS.h (mkstemp):
+ * ace/OS.i (mkstemp):
+
+ New mkstemp() wrapper. It is assumed to be available on the
+ given platform, unless ACE_LACKS_MKSTEMP is defined.
+
+ * ace/FILE_Connector.h:
+
+ Added O_EXCL to the default flags. This is a security hole
+ fix.
+
+ * ace/FILE_Connector.cpp (connect):
+
+ If mkstemp() is available, then use it to create a temporary
+ file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is
+ susceptible to a denial-of-service attack.
+
+ * ace/config-win32-common.h:
+ * ace/config-vxworks5.x.h:
+
+ mkstemp() is not supported on MS Windows and VxWorks. Define
+ ACE_LACKS_MKSTEMP in these headers.
+
Sun Jul 8 08:13:12 2001 Douglas C. Schmidt <schmidt@tango.doc.wustl.edu>
* ace/Select_Reactor_Base.h: Added a comment explaining what
diff --git a/ChangeLogs/ChangeLog-03a b/ChangeLogs/ChangeLog-03a
index ef32a0b21a8..cba70df3e50 100644
--- a/ChangeLogs/ChangeLog-03a
+++ b/ChangeLogs/ChangeLog-03a
@@ -1,3 +1,28 @@
+Sun Jul 08 11:26:23 2001 Ossama Othman <ossama@uci.edu>
+
+ * ace/OS.h (mkstemp):
+ * ace/OS.i (mkstemp):
+
+ New mkstemp() wrapper. It is assumed to be available on the
+ given platform, unless ACE_LACKS_MKSTEMP is defined.
+
+ * ace/FILE_Connector.h:
+
+ Added O_EXCL to the default flags. This is a security hole
+ fix.
+
+ * ace/FILE_Connector.cpp (connect):
+
+ If mkstemp() is available, then use it to create a temporary
+ file rather than mktemp() (via ACE_FILE_Addr) since mktemp() is
+ susceptible to a denial-of-service attack.
+
+ * ace/config-win32-common.h:
+ * ace/config-vxworks5.x.h:
+
+ mkstemp() is not supported on MS Windows and VxWorks. Define
+ ACE_LACKS_MKSTEMP in these headers.
+
Sun Jul 8 08:13:12 2001 Douglas C. Schmidt <schmidt@tango.doc.wustl.edu>
* ace/Select_Reactor_Base.h: Added a comment explaining what
diff --git a/ace/FILE_Connector.cpp b/ace/FILE_Connector.cpp
index e3b4306f10c..d858fc68c5f 100644
--- a/ace/FILE_Connector.cpp
+++ b/ace/FILE_Connector.cpp
@@ -39,20 +39,46 @@ ACE_FILE_Connector::connect (ACE_FILE_IO &new_io,
ACE_TRACE ("ACE_FILE_Connector::connect");
ACE_ASSERT (new_io.get_handle () == ACE_INVALID_HANDLE);
+ ACE_HANDLE handle = ACE_INVALID_HANDLE;
+
// Check to see if caller has requested that we create the filename.
if (ACE_reinterpret_cast (const ACE_Addr &,
ACE_const_cast (ACE_FILE_Addr &,
remote_sap)) == ACE_Addr::sap_any)
- // Create a new temporary file.
- new_io.addr_ =
- ACE_FILE_Addr (ACE_sap_any_cast (ACE_FILE_Addr &)); // class copy.
+ {
+ // Create a new temporary file.
+#ifdef ACE_LACKS_MKSTEMP
+ new_io.addr_ =
+ ACE_FILE_Addr (ACE_sap_any_cast (ACE_FILE_Addr &)); // class copy.
+#else
+ // Use ACE_OS::mkstemp() if it is available since it avoids a
+ // race condition, and subsequently a security hole due to that
+ // race condition (specifically, a denial-of-service attack).
+ //
+ // However, using mkstemp() prevents us from doing a timed open
+ // since it opens the file for us. Better to avoid the race
+ // condition.
+ char filename[] = "ace-file-XXXXXX";
+
+ handle = ACE_OS::mkstemp (filename); // mkstemp() replaces "XXXXXX"
+
+ if (handle == ACE_INVALID_HANDLE
+ || new_io.addr_.set (filename) != 0)
+ return -1;
+
+ new_io.set_handle (handle);
+
+ return 0;
+#endif /* ACE_LACKS_MKSTEMP */
+ }
else
new_io.addr_ = remote_sap; // class copy.
- ACE_HANDLE handle = ACE_Handle_Ops::handle_timed_open (timeout,
- new_io.addr_.get_path_name (),
- flags,
- perms);
+ handle = ACE_Handle_Ops::handle_timed_open (timeout,
+ new_io.addr_.get_path_name (),
+ flags,
+ perms);
+
new_io.set_handle (handle);
return handle == ACE_INVALID_HANDLE ? -1 : 0;
}
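Review bot: In the mkstemp() branch, `handle == ACE_INVALID_HANDLE || new_io.addr_.set (filename) != 0` returns -1 without closing the handle when mkstemp() succeeded but `addr_.set ()` failed, so the descriptor leaks and the newly created file stays on disk. Split the two checks, and close and unlink on the second failure path. The template is also declared as `char[]` although `ACE_OS::mkstemp ()` takes `ACE_TCHAR *`, so `ACE_TCHAR filename[] = ACE_TEXT ("ace-file-XXXXXX");` would match the wrapper; the template is relative, so the file is created in the process's current directory, which the comment should say. connect()'s signature begins outside this hunk.

```cpp
ACE_TCHAR filename[] = ACE_TEXT ("ace-file-XXXXXX");

handle = ACE_OS::mkstemp (filename); // mkstemp() replaces "XXXXXX"

if (handle == ACE_INVALID_HANDLE)
  return -1;

if (new_io.addr_.set (filename) != 0)
  {
    // Do not leak the descriptor or leave the file behind.
    ACE_OS::close (handle);
    ACE_OS::unlink (filename);
    return -1;
  }

// … unchanged: new_io.set_handle (handle); return 0; …
```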
diff --git a/ace/FILE_Connector.h b/ace/FILE_Connector.h
index 0675b3ff584..6880d2c9a35 100644
--- a/ace/FILE_Connector.h
+++ b/ace/FILE_Connector.h
@@ -54,7 +54,7 @@ public:
ACE_Time_Value *timeout = 0,
const ACE_Addr &local_sap = ACE_Addr::sap_any,
int reuse_addr = 0,
- int flags = O_RDWR | O_CREAT,
+ int flags = O_RDWR | O_CREAT | O_EXCL,
int perms = ACE_DEFAULT_FILE_PERMS);
/**
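Review bot: Adding `O_EXCL` to the default `flags` here, and in the second overload's hunk below, makes every default-flag connect() to an existing named file fail with EEXIST, not only the temporary-file case the fix targets. A caller who passes explicit flags without `O_EXCL` still gets the mktemp()-then-open sequence on ACE_LACKS_MKSTEMP platforms. Enforcing exclusivity inside connect()'s `sap_any` branch, e.g. `flags |= O_CREAT | O_EXCL;` before the timed open, would cover the temporary-file path whatever the caller passed and leave the default for named files unchanged. If the new default is kept, the doc comment for `flags` should say that opening an existing file now requires explicit flags. Both declarations start outside their hunks.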
@@ -78,7 +78,7 @@ public:
ACE_Time_Value *timeout = 0,
const ACE_Addr &local_sap = ACE_Addr::sap_any,
int reuse_addr = 0,
- int flags = O_RDWR | O_CREAT,
+ int flags = O_RDWR | O_CREAT | O_EXCL,
int perms = ACE_DEFAULT_FILE_PERMS);
/// Resets any event associations on this handle
diff --git a/ace/OS.h b/ace/OS.h
index 3c4e1ef94ff..319c8175176 100644
--- a/ace/OS.h
+++ b/ace/OS.h
@@ -6082,6 +6082,7 @@ public:
static int mkfifo (const ACE_TCHAR *file,
mode_t mode = ACE_DEFAULT_FILE_PERMS);
static ACE_TCHAR *mktemp (ACE_TCHAR *t);
+ static ACE_HANDLE mkstemp (ACE_TCHAR *t);
static ACE_TCHAR *getcwd (ACE_TCHAR *, size_t);
static int rename (const ACE_TCHAR *old_name,
const ACE_TCHAR *new_name,
diff --git a/ace/OS.i b/ace/OS.i
index db45cf6e7d9..e8714631442 100644
--- a/ace/OS.i
+++ b/ace/OS.i
@@ -545,6 +545,14 @@ ACE_OS::mktemp (ACE_TCHAR *s)
}
#endif /* !ACE_LACKS_MKTEMP */
+#if !defined (ACE_LACKS_MKSTEMP)
+ACE_INLINE ACE_HANDLE
+ACE_OS::mkstemp (ACE_TCHAR *s)
+{
+ return ::mkstemp (s);
+}
+#endif /* !ACE_LACKS_MKSTEMP */
+
ACE_INLINE int
ACE_OS::mkfifo (const ACE_TCHAR *file, mode_t mode)
{
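Review bot: `ACE_OS::mkstemp ()` is defined only under `#if !defined (ACE_LACKS_MKSTEMP)`, yet OS.h declares it unconditionally and none of the nine files in this commit adds a fallback, so a call on Windows or VxWorks would presumably compile and then fail at link time. Moving the guard inside the body and ending the `#else` arm with `ACE_NOTSUP_RETURN (ACE_INVALID_HANDLE);` would give those platforms a defined failure. The wrapper also passes an `ACE_TCHAR *` to `::mkstemp ()`, which takes `char *`, so it presumably only compiles where ACE_TCHAR is `char`. A comment such as `// Template must end in "XXXXXX" and is rewritten in place; returns an open handle or ACE_INVALID_HANDLE.` would document the contract.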
diff --git a/ace/config-vxworks5.x.h b/ace/config-vxworks5.x.h
index 38956cc8a0f..d9f29d01857 100644
--- a/ace/config-vxworks5.x.h
+++ b/ace/config-vxworks5.x.h
@@ -126,6 +126,7 @@
#define ACE_LACKS_MEMORY_H
#define ACE_LACKS_MKFIFO
#define ACE_LACKS_MKTEMP
+#define ACE_LACKS_MKSTEMP
#define ACE_LACKS_MMAP
#define ACE_LACKS_MPROTECT
#define ACE_LACKS_MSYNC
diff --git a/ace/config-win32-common.h b/ace/config-win32-common.h
index 36dde43d5fd..94fbb1edca4 100644
--- a/ace/config-win32-common.h
+++ b/ace/config-win32-common.h
@@ -511,6 +511,7 @@ typedef unsigned long long ACE_UINT64;
#define ACE_SIZEOF_WCHAR 2
#define ACE_HAS_MUTEX_TIMEOUTS
#define ACE_LACKS_STRUCT_DIR
+#define ACE_LACKS_MKSTEMP
#include "ace/post.h"
#endif /* ACE_CONFIG_WIN32_COMMON_H */