mingw: avoid mktemp() in mkstemp() implementation

The implementation of mkstemp() for MinGW uses mktemp() and open() without the flag O_EXCL, which is racy. It's not a security problem for now because all of its callers only create files within the repository (incl. worktrees). Replace it with a call to our more secure internal function, git_mkstemp_mode(), to prevent possible future issues. Signed-off-by: René Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: René Scharfe <l.s.r@web.de> 2022-07-15 03:58:50 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2022-07-15 05:45:05 (GMT)
commit: ae25974de301ba1809f2d7f0219fcdd86d18cc1f (patch)
tree: 23a5b1e3d43ff3d095eda9122fed3538ced16789 /compat/mingw.c
parent: 359da658ae32d9a7e5e93ac173fc221352b62917 (diff)
download: git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.zip
git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.tar.gz
git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.tar.bz2
1 files changed, 1 insertions, 4 deletions
diff --git a/compat/mingw.c b/compat/mingw.c
index 41fc163..e92087a 100644
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -1044,10 +1044,7 @@ char *mingw_mktemp(char *template)
 
 int mkstemp(char *template)
 {
-	char *filename = mktemp(template);
-	if (filename == NULL)
-		return -1;
-	return open(filename, O_RDWR | O_CREAT, 0600);
+	return git_mkstemp_mode(template, 0600);
 }
 
 int gettimeofday(struct timeval *tv, void *tz)
author	René Scharfe <l.s.r@web.de>	2022-07-15 03:58:50 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2022-07-15 05:45:05 (GMT)
commit	ae25974de301ba1809f2d7f0219fcdd86d18cc1f (patch)
tree	23a5b1e3d43ff3d095eda9122fed3538ced16789 /compat/mingw.c
parent	359da658ae32d9a7e5e93ac173fc221352b62917 (diff)
download	git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.zip git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.tar.gz git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.tar.bz2