From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/2717
Path: news.gmane.org!not-for-mail
From: Szabolcs Nagy <nsz@port70.net>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] Add support for mkostemp, mkstemps and mkostemps
Date: Sat, 2 Feb 2013 21:14:30 +0100
Message-ID: <20130202201429.GL6181@port70.net>
References: <1359830731-24717-1-git-send-email-basile@opensource.dyc.edu>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1359836088 17815 80.91.229.3 (2 Feb 2013 20:14:48 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 2 Feb 2013 20:14:48 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-2718-gllmg-musl=m.gmane.org@lists.openwall.com Sat Feb 02 21:15:09 2013
Return-path: <musl-return-2718-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-2718-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1U1jUL-0004Yt-SB
	for gllmg-musl@plane.gmane.org; Sat, 02 Feb 2013 21:15:02 +0100
Original-Received: (qmail 7884 invoked by uid 550); 2 Feb 2013 20:14:42 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 7867 invoked from network); 2 Feb 2013 20:14:42 -0000
Content-Disposition: inline
In-Reply-To: <1359830731-24717-1-git-send-email-basile@opensource.dyc.edu>
User-Agent: Mutt/1.5.21 (2010-09-15)
Xref: news.gmane.org gmane.linux.lib.musl.general:2717
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/2717>

* Anthony G. Basile <basile@opensource.dyc.edu> [2013-02-02 13:45:31 -0500]:
> +	/* Null terminate the template before the suffix,
> +	   and save the char for adding back the suffix */
> +	char suffix = template[l];
> +	template[l] = '\0';

if you set only the XXXXXX part in __randname, then the \0 is unnecessary

> +	int fd, retries = 100;
> +	while (retries--) {
> +		if (!*__randname(template)) return -1;

__randname cannot fail, so the check is unnecessary

> +/* This assumes that a check for the
> +   template size has alrady been made */
> +char *__randname(char *template)
> +{
> +	struct timespec ts;
> +	size_t i, l = strlen(template);
> +
> +	/* r is intentially uninialized and 'dirty' */
> +	unsigned long r;
> +

it's undefined behaviour so the compiler is allowed to
completely remove the code of this function

if you seen this kind of code somewhere, that's a critical
bug that should be reported

the original address based entropy source was ok

> +	clock_gettime(CLOCK_REALTIME, &ts);
> +	r += ((uint64_t) ts.tv_nsec << 16) ^ ts.tv_sec;
> +	for (i=1; i<=6; i++, r>>=6)
> +		template[l-i] = __map_letter(r);
> +
> +	return template;
> +}