From ed6146986cae3fba6c2c741cbf43da1d3fc1767f Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Fri, 22 Apr 2022 16:27:12 +0300
Subject: [PATCH] cgi: reimplement mktemp(1)

---
 doskast-trigger-connect.cgi | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/doskast-trigger-connect.cgi b/doskast-trigger-connect.cgi
index 7379b1f..e4943e7 100755
--- a/doskast-trigger-connect.cgi
+++ b/doskast-trigger-connect.cgi
@@ -6,13 +6,29 @@ set -e
 set -f
 set -u
 
+# mktemp(1) does not respect umask
+# https://bugzilla.altlinux.org/show_bug.cgi?id=42550
+# $1: directory in which file will be created
+# Returns path to file without creating it
+# (theoretically vulnerabile to races)
+_mktemp(){
+ local rand
+ while true
+ do
+ rand="$(head -c 55 /dev/urandom | base64 | grep -o '[[:alnum:]]' | head -c 20 | tr -d '\n')"
+ if ! test -f "$1"/"$rand" ; then
+ echo "$1"/"$rand"
+ break
+ fi
+ done
+}
+
+# $1: directory
 _main_trigger_connect(){
- local tmp
- tmp="$(umask 0022 && mktemp --tmpdir="$dir" connect.XXXXX)"
- test -f "$tmp"
- echo "$REMOTE_ADDR" > "$tmp"
+ echo "$REMOTE_ADDR" > "$(_mktemp "$dir")"
 }
 
+
 # $1: HTTP_STATUS_CODE
 # $2: HTTP_STATUS_DESCRIPTION
 # $3: text of responce
@@ -29,6 +45,6 @@ _response_text(){
 
 if [ "${SOURCED:-0}" != 1 ]; then
 readonly dir='/var/spool/doskast'
- _main_trigger_connect "$@"
+ _main_trigger_connect "$dir"
 _response_text 200 OK OK
 fi
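Review bot: `_mktemp` only returns a name, so the file is now created by the `>` redirection in `_main_trigger_connect` instead of atomically by mktemp(1), and the `test -f` check misses anything that is not a regular file (a dangling symlink, a directory or a FIFO at that path passes it). The 20 random characters make a collision or a guessed name unlikely, but the redirection will still follow a symlink or truncate a file that appears between the check and the write, which matters if anything besides this CGI can write to the spool directory. Keeping the exclusive create and fixing the mode afterwards removes the race: `tmp="$(mktemp --tmpdir="$dir" connect.XXXXX)"` followed by `chmod 0644 "$tmp"` (0644 is inferred from the removed `umask 0022`). If the hand-rolled name stays, write under noclobber, `( set -C; echo "$REMOTE_ADDR" > "$tmp" )`, so the redirection fails rather than overwriting an existing file. The new names also drop the `connect.` prefix, which any consumer of the spool that matches on it would need to account for.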
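Review bot: The argument passed at this call site is never read: `_main_trigger_connect` is now documented as `# $1: directory`, yet its body in the first hunk still expands the global in `"$(_mktemp "$dir")"`. It works only because `dir` is set as a readonly global on the line above the call; a caller that sources the script with `SOURCED=1` and passes its own directory would either trip `set -u` or write to whatever `dir` happens to hold. Reading the parameter, `echo "$REMOTE_ADDR" > "$(_mktemp "$1")"`, makes the comment, the function and the call agree.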