cgi: reimplement mktemp(1)

master
Mikhail Novosyolov 3 years ago
parent 6e5ff0b8c3
commit ed6146986c
  1. 26
      doskast-trigger-connect.cgi

@ -6,13 +6,29 @@ set -e
set -f set -f
set -u set -u
# mktemp(1) does not respect umask
# https://bugzilla.altlinux.org/show_bug.cgi?id=42550
# $1: directory in which file will be created
# Returns path to file without creating it
# (theoretically vulnerabile to races)
_mktemp(){
local rand
while true
do
rand="$(head -c 55 /dev/urandom | base64 | grep -o '[[:alnum:]]' | head -c 20 | tr -d '\n')"
if ! test -f "$1"/"$rand" ; then
echo "$1"/"$rand"
break
fi
done
}
# $1: directory
_main_trigger_connect(){ _main_trigger_connect(){
local tmp echo "$REMOTE_ADDR" > "$(_mktemp "$dir")"
tmp="$(umask 0022 && mktemp --tmpdir="$dir" connect.XXXXX)"
test -f "$tmp"
echo "$REMOTE_ADDR" > "$tmp"
} }
# $1: HTTP_STATUS_CODE # $1: HTTP_STATUS_CODE
# $2: HTTP_STATUS_DESCRIPTION # $2: HTTP_STATUS_DESCRIPTION
# $3: text of responce # $3: text of responce
@ -29,6 +45,6 @@ _response_text(){
if [ "${SOURCED:-0}" != 1 ]; then if [ "${SOURCED:-0}" != 1 ]; then
readonly dir='/var/spool/doskast' readonly dir='/var/spool/doskast'
_main_trigger_connect "$@" _main_trigger_connect "$dir"
_response_text 200 OK OK _response_text 200 OK OK
fi fi

Loading…
Cancel
Save