summaryrefslogtreecommitdiffstats
path: root/compat
diff options
context:
space:
mode:
authorRené Scharfe <l.s.r@web.de>2022-07-15 05:58:50 +0200
committerJunio C Hamano <gitster@pobox.com>2022-07-15 07:45:05 +0200
commitae25974de301ba1809f2d7f0219fcdd86d18cc1f (patch)
tree23a5b1e3d43ff3d095eda9122fed3538ced16789 /compat
parentGit 2.35.4 (diff)
downloadgit-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.tar.xz
git-ae25974de301ba1809f2d7f0219fcdd86d18cc1f.zip
mingw: avoid mktemp() in mkstemp() implementation
The implementation of mkstemp() for MinGW uses mktemp() and open() without the flag O_EXCL, which is racy. It's not a security problem for now because all of its callers only create files within the repository (incl. worktrees). Replace it with a call to our more secure internal function, git_mkstemp_mode(), to prevent possible future issues. Signed-off-by: René Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'compat')
-rw-r--r--compat/mingw.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/compat/mingw.c b/compat/mingw.c
index 41fc16310c..e92087acc6 100644
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -1044,10 +1044,7 @@ char *mingw_mktemp(char *template)
int mkstemp(char *template)
{
- char *filename = mktemp(template);
- if (filename == NULL)
- return -1;
- return open(filename, O_RDWR | O_CREAT, 0600);
+ return git_mkstemp_mode(template, 0600);
}
int gettimeofday(struct timeval *tv, void *tz)