diff options
| author | Bruno Haible <bruno@clisp.org> | 2005-02-07 11:42:26 +0000 |
|---|---|---|
| committer | Bruno Haible <bruno@clisp.org> | 2009-06-23 12:12:08 +0200 |
| commit | 25439f6a4e6b362a4685a23ddb7f485c7399eb6b (patch) | |
| tree | 37d8ecf9c27f5e37d4bf45b3d9439ed3e013afae /gettext-tools | |
| parent | d78c911e16a5d2a15febfa1112c88612a9bb0a0b (diff) | |
| download | external_gettext-25439f6a4e6b362a4685a23ddb7f485c7399eb6b.zip external_gettext-25439f6a4e6b362a4685a23ddb7f485c7399eb6b.tar.gz external_gettext-25439f6a4e6b362a4685a23ddb7f485c7399eb6b.tar.bz2 | |
Secure creation of temporary file.
Diffstat (limited to 'gettext-tools')
| -rw-r--r-- | gettext-tools/lib/csharpcomp.sh.in | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/gettext-tools/lib/csharpcomp.sh.in b/gettext-tools/lib/csharpcomp.sh.in index f225968..480500d 100644 --- a/gettext-tools/lib/csharpcomp.sh.in +++ b/gettext-tools/lib/csharpcomp.sh.in @@ -1,7 +1,7 @@ #!/bin/sh # Compile a C# program. -# Copyright (C) 2003-2004 Free Software Foundation, Inc. +# Copyright (C) 2003-2005 Free Software Foundation, Inc. # Written by Bruno Haible <bruno@clisp.org>, 2003. # # This program is free software; you can redistribute it and/or modify @@ -34,6 +34,37 @@ # -O optimize # -g generate debugging information +# func_tmpdir +# creates a temporary directory. +# Sets variable +# - tmp pathname of freshly created temporary directory +func_tmpdir () +{ + # Use the environment variable TMPDIR, falling back to /tmp. This allows + # users to specify a different temporary directory, for example, if their + # /tmp is filled up or too small. + : ${TMPDIR=/tmp} + { + # Use the mktemp program if available. If not available, hide the error + # message. + tmp=`(umask 077 && mktemp -d -q "$TMPDIR/gtXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" + } || + { + # Use a simple mkdir command. It is guaranteed to fail if the directory + # already exists. $RANDOM is bash specific and expands to empty in shells + # other than bash, ksh and zsh. Its use does not increase security; + # rather, it minimizes the probability of failure in a very cluttered /tmp + # directory. + tmp=$TMPDIR/gt$$-$RANDOM + (umask 077 && mkdir "$tmp") + } || + { + echo "$0: cannot create a temporary directory in $TMPDIR" >&2 + { (exit 1); exit 1; } + } +} + sed_quote_subst='s/\([|&;<>()$`"'"'"'*?[#~=% \\]\)/\\\1/g' options_cscc= options_mcs= @@ -108,14 +139,14 @@ else sed_drop_success_line='${ /^Compilation succeeded/d }' - tmpfile=`(mktemp "${TMPDIR-/tmp}/mcserrXXXXXXXX") 2>/dev/null || echo ${TMPDIR-/tmp}/mcserr$$` - trap 'rm -f "$tmpfile"' 1 2 3 15 + func_tmpdir + trap 'rm -rf "$tmp"' 1 2 3 15 test -z "$CSHARP_VERBOSE" || echo mcs $options_mcs $sources - mcs $options_mcs $sources > "$tmpfile" + mcs $options_mcs $sources > "$tmp"/mcs.err result=$? - sed -e "$sed_drop_success_line" < "$tmpfile" >&2 - rm -f "$tmpfile" - exit $? + sed -e "$sed_drop_success_line" < "$tmp"/mcs.err >&2 + rm -rf "$tmp" + exit $result else if test -n "@HAVE_CSC@"; then test -z "$CSHARP_VERBOSE" || echo csc $options_csc $sources |