1 /*
2  * Copyright (c) 2010  Philip Guenther <guenther@openbsd.org>
3  *
4  * Public domain.
5  *
6  * Verify that mkstemp() and mkstemps() doesn't overrun or underrun
7  * the template buffer and that it can generate names that don't
8  * contain any X's
9  */
10 
11 #include <sys/types.h>
12 #include <sys/mman.h>
13 #include <sys/stat.h>
14 
15 #include <err.h>
16 #include <errno.h>
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <limits.h>
21 #include <unistd.h>
22 
23 #define MAX_TEMPLATE_LEN	10
24 #define MAX_TRIES		100
25 #define MIN_Xs			6
26 
27 #define SUFFIX	".suff"
28 #define SLEN	(sizeof SUFFIX - 1)
29 
30 long pg;
31 
32 /*
33  * verify that a path generated by mkstemp() or mkstemp() looks like a
34  * reasonable expansion of the template and matches the fd.  Returns true
35  * if all the X's were replaced with non-X's
36  */
37 int
38 check(int fd, char const *path, char const *prefix, size_t plen,
39     char const *suffix, size_t slen, int tlen)
40 {
41 	struct stat sb, fsb;
42 	char const *p;
43 
44 	if (tlen < MIN_Xs) {
45 		if (fd >= 0)
46 			errx(1, "mkstemp(%s) succeed with too few Xs", path);
47 		if (errno != EINVAL)
48 			err(1, "mkstemp(%s) failed with wrong errno", path);
49 		return 1;
50 	}
51 	if (fd < 0)
52 		err(1, "mkstemp(%s)", path);
53 	if (stat(path, &sb))
54 		err(1, "stat(%s)", path);
55 	if (fstat(fd, &fsb))
56 		err(1, "fstat(%d==%s)", fd, path);
57 	if (sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino)
58 		errx(1, "stat mismatch");
59 	close(fd);
60 	if (memcmp(path, prefix, plen) != 0)
61 		errx(1, "prefix changed!  %s vs %s", prefix, path);
62 	if (memcmp(path + plen + tlen, suffix, slen + 1) != 0)
63 		errx(1, "suffix changed!  %s vs %s", suffix, path);
64 	for (p = path + plen; p < path + plen + tlen; p++)
65 		if (*p == '\0')
66 			errx(1, "unexpected truncation");
67 		else if (*p == 'X')
68 			return 0;
69 	return 1;
70 }
71 
72 
73 void
74 try_mkstemp(char *p, char const *prefix, int len)
75 {
76 	char *q;
77 	size_t plen = strlen(prefix);
78 	int tries, fd;
79 
80 	for (tries = 0; tries < MAX_TRIES; tries++) {
81 		memcpy(p, prefix, plen);
82 		memset(p + plen, 'X', len);
83 		p[plen + len] = '\0';
84 		fd = mkstemp(p);
85 		if (check(fd, p, prefix, plen, "", 0, len))
86 			return;
87 	}
88 	errx(1, "exceeded MAX_TRIES");
89 }
90 
91 void
92 try_mkstemps(char *p, char const *prefix, int len, char const *suffix)
93 {
94 	char *q;
95 	size_t plen = strlen(prefix);
96 	size_t slen = strlen(suffix);
97 	int tries, fd;
98 
99 	for (tries = 0; tries < MAX_TRIES; tries++) {
100 		memcpy(p, prefix, plen);
101 		memset(p + plen, 'X', len);
102 		memcpy(p + plen + len, suffix, slen + 1);
103 		fd = mkstemps(p, slen);
104 		if (check(fd, p, prefix, plen, suffix, slen, len))
105 			return;
106 	}
107 	errx(1, "exceeded MAX_TRIES");
108 }
109 
110 int
111 main(void)
112 {
113 	struct stat sb, fsb;
114 	char cwd[PATH_MAX + 1];
115 	char *p;
116 	size_t clen;
117 	int i;
118 
119 	pg = sysconf(_SC_PAGESIZE);
120 	if (getcwd(cwd, sizeof cwd - 1) == NULL)
121 		err(1, "getcwd");
122 	clen = strlen(cwd);
123 	cwd[clen++] = '/';
124 	cwd[clen] = '\0';
125 	p = mmap(NULL, pg * 3, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0);
126 	if (p == MAP_FAILED)
127 		err(1, "mmap");
128 	if (mprotect(p, pg, PROT_NONE) || mprotect(p + pg * 2, pg, PROT_NONE))
129 		err(1, "mprotect");
130 	p += pg;
131 
132 	i = MAX_TEMPLATE_LEN + 1;
133 	while (i-- > 0) {
134 		/* try first at the start of a page, no prefix */
135 		try_mkstemp(p, "", i);
136 		/* now at the end of the page, no prefix */
137 		try_mkstemp(p + pg - i - 1, "", i);
138 		/* start of the page, prefixed with the cwd */
139 		try_mkstemp(p, cwd, i);
140 		/* how about at the end of the page, prefixed with cwd? */
141 		try_mkstemp(p + pg - clen - i - 1, cwd, i);
142 
143 		/* again, with mkstemps() and an empty suffix */
144 		/* try first at the start of a page, no prefix */
145 		try_mkstemps(p, "", i, "");
146 		/* now at the end of the page, no prefix */
147 		try_mkstemps(p + pg - i - 1, "", i, "");
148 		/* start of the page, prefixed with the cwd */
149 		try_mkstemps(p, cwd, i, "");
150 		/* how about at the end of the page, prefixed with cwd? */
151 		try_mkstemps(p + pg - clen - i - 1, cwd, i, "");
152 
153 		/* mkstemps() and a non-empty suffix */
154 		/* try first at the start of a page, no prefix */
155 		try_mkstemps(p, "", i, SUFFIX);
156 		/* now at the end of the page, no prefix */
157 		try_mkstemps(p + pg - i - SLEN - 1, "", i, SUFFIX);
158 		/* start of the page, prefixed with the cwd */
159 		try_mkstemps(p, cwd, i, SUFFIX);
160 		/* how about at the end of the page, prefixed with cwd? */
161 		try_mkstemps(p + pg - clen - i - SLEN - 1, cwd, i, SUFFIX);
162 
163 	}
164 
165 	return 0;
166 }
167