Simplify and improve tempnam() and tmpnam().
They're both obsolescent in POSIX.1-2008, and you really shouldn't be
using them, but since we can't actually delete them...
This change makes them both obey $TMPDIR if set, and fall back to
/data/local/tmp otherwise. That's as good as we've managed for anything
else such as tmpfile(3).
Also add some tests.
Bug: http://b/174682340
Test: treehugger
Change-Id: Ieef99dcc2062f84b2b7cbae046787fdfe975e772
diff --git a/libc/Android.bp b/libc/Android.bp
index 4d63751..447d17b 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -506,8 +506,6 @@
"upstream-openbsd/lib/libc/stdio/open_wmemstream.c",
"upstream-openbsd/lib/libc/stdio/rget.c",
"upstream-openbsd/lib/libc/stdio/setvbuf.c",
- "upstream-openbsd/lib/libc/stdio/tempnam.c",
- "upstream-openbsd/lib/libc/stdio/tmpnam.c",
"upstream-openbsd/lib/libc/stdio/ungetc.c",
"upstream-openbsd/lib/libc/stdio/ungetwc.c",
"upstream-openbsd/lib/libc/stdio/vasprintf.c",
diff --git a/libc/NOTICE b/libc/NOTICE
index 58d6679..f7d73d8 100644
--- a/libc/NOTICE
+++ b/libc/NOTICE
@@ -2368,38 +2368,6 @@
-------------------------------------------------------------------
-Copyright (c) 1990, 1993, 1994
- The Regents of the University of California. All rights reserved.
-
-This code is derived from software contributed to Berkeley by
-Chris Torek.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. Neither the name of the University nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
--------------------------------------------------------------------
-
Copyright (c) 1991 The Regents of the University of California.
All rights reserved.
diff --git a/libc/bionic/tmpfile.cpp b/libc/bionic/tmpfile.cpp
index d7ce897..3d04610 100644
--- a/libc/bionic/tmpfile.cpp
+++ b/libc/bionic/tmpfile.cpp
@@ -35,6 +35,7 @@
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
@@ -99,3 +100,48 @@
return fp;
}
__strong_alias(tmpfile64, tmpfile);
+
+char* tempnam(const char* dir, const char* prefix) {
+ // This function is a terrible idea, marked deprecated in our headers,
+ // and marked obsolescent by POSIX.1-2008, but we make some effort anyway
+ // since we can't easily remove it...
+
+ // $TMPDIR overrides any directory passed in.
+ char* tmpdir = getenv("TMPDIR");
+ if (tmpdir != nullptr) dir = tmpdir;
+
+ // If we still have no directory, we'll give you a default.
+ // It's useless for apps, but good enough for the shell.
+ if (dir == nullptr) dir = "/data/local/tmp";
+
+ // Default prefix?
+ if (prefix == nullptr) prefix = "tempnam.";
+
+ // Make up a mktemp(3) template and defer to it for the real work.
+ char* path = nullptr;
+ if (asprintf(&path, "%s/%sXXXXXXXXXX", dir, prefix) == -1) return nullptr;
+ if (mktemp(path) == nullptr) {
+ free(path);
+ return nullptr;
+ }
+ return path;
+}
+
+char* tmpnam(char* s) {
+ // This function is a terrible idea, marked deprecated in our headers,
+ // and marked obsolescent by POSIX-1.2008, but we make some effort anyway
+ // since we can't easily remove it...
+
+ // Default buffer?
+ static char buf[L_tmpnam];
+ if (s == nullptr) s = buf;
+
+ // Use $TMPDIR if set, or fall back to /data/local/tmp otherwise.
+ // Useless for apps, but good enough for the shell.
+ const char* dir = getenv("TMPDIR");
+ if (dir == nullptr) dir = "/data/local/tmp";
+
+ // Make up a mktemp(3) template and defer to it for the real work.
+ snprintf(s, L_tmpnam, "%s/tmpnam.XXXXXXXXXX", dir);
+ return mktemp(s);
+}
diff --git a/libc/include/stdio.h b/libc/include/stdio.h
index 1bf578c..9de12a4 100644
--- a/libc/include/stdio.h
+++ b/libc/include/stdio.h
@@ -160,7 +160,7 @@
int vsprintf(char* __s, const char* __fmt, va_list __args)
__printflike(2, 0) __warnattr_strict("vsprintf is often misused; please use vsnprintf");
char* tmpnam(char* __s)
- __warnattr("tempnam is unsafe, use mkstemp or tmpfile instead");
+ __warnattr("tmpnam is unsafe, use mkstemp or tmpfile instead");
#define P_tmpdir "/tmp/" /* deprecated */
char* tempnam(const char* __dir, const char* __prefix)
__warnattr("tempnam is unsafe, use mkstemp or tmpfile instead");
diff --git a/libc/upstream-openbsd/lib/libc/stdio/tempnam.c b/libc/upstream-openbsd/lib/libc/stdio/tempnam.c
deleted file mode 100644
index d2c848c..0000000
--- a/libc/upstream-openbsd/lib/libc/stdio/tempnam.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: tempnam.c,v 1.20 2017/11/28 06:55:49 tb Exp $ */
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <errno.h>
-#include <limits.h>
-#include <paths.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-__warn_references(tempnam,
- "tempnam() possibly used unsafely; consider using mkstemp()");
-
-char *
-tempnam(const char *dir, const char *pfx)
-{
- int sverrno, len;
- char *f, *name;
-
- if (!(name = malloc(PATH_MAX)))
- return(NULL);
-
- if (!pfx)
- pfx = "tmp.";
-
- if (issetugid() == 0 && (f = getenv("TMPDIR")) && *f != '\0') {
- len = snprintf(name, PATH_MAX, "%s%s%sXXXXXXXXXX", f,
- f[strlen(f) - 1] == '/' ? "" : "/", pfx);
- if (len < 0 || len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto fail;
- }
- if ((f = _mktemp(name)))
- return(f);
- }
-
- if (dir != NULL) {
- f = *dir ? (char *)dir : ".";
- len = snprintf(name, PATH_MAX, "%s%s%sXXXXXXXXXX", f,
- f[strlen(f) - 1] == '/' ? "" : "/", pfx);
- if (len < 0 || len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto fail;
- }
- if ((f = _mktemp(name)))
- return(f);
- }
-
- f = P_tmpdir;
- len = snprintf(name, PATH_MAX, "%s%sXXXXXXXXX", f, pfx);
- if (len < 0 || len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto fail;
- }
- if ((f = _mktemp(name)))
- return(f);
-
- f = _PATH_TMP;
- len = snprintf(name, PATH_MAX, "%s%sXXXXXXXXX", f, pfx);
- if (len < 0 || len >= PATH_MAX) {
- errno = ENAMETOOLONG;
- goto fail;
- }
- if ((f = _mktemp(name)))
- return(f);
-
-fail:
- sverrno = errno;
- free(name);
- errno = sverrno;
- return(NULL);
-}
diff --git a/libc/upstream-openbsd/lib/libc/stdio/tmpnam.c b/libc/upstream-openbsd/lib/libc/stdio/tmpnam.c
deleted file mode 100644
index 52cd43d..0000000
--- a/libc/upstream-openbsd/lib/libc/stdio/tmpnam.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/* $OpenBSD: tmpnam.c,v 1.12 2017/11/28 06:55:49 tb Exp $ */
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Chris Torek.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-
-#include <stdio.h>
-#include <unistd.h>
-
-__warn_references(tmpnam,
- "tmpnam() possibly used unsafely; consider using mkstemp()");
-
-char *
-tmpnam(char *s)
-{
- static u_long tmpcount;
- static char buf[L_tmpnam];
-
- if (s == NULL)
- s = buf;
- (void)snprintf(s, L_tmpnam, "%stmp.%lu.XXXXXXXXX", P_tmpdir, tmpcount);
- ++tmpcount;
- return (_mktemp(s));
-}
diff --git a/tests/stdio_test.cpp b/tests/stdio_test.cpp
index c21c3b8..5680f95 100644
--- a/tests/stdio_test.cpp
+++ b/tests/stdio_test.cpp
@@ -33,6 +33,7 @@
#include <vector>
#include <android-base/file.h>
+#include <android-base/test_utils.h>
#include <android-base/unique_fd.h>
#include "BionicDeathTest.h"
@@ -2816,3 +2817,69 @@
ASSERT_TRUE(fp == nullptr);
ASSERT_EQ(ENOENT, errno);
}
+
+static void tempnam_test(bool has_TMPDIR, const char* dir, const char* prefix, const char* re) {
+ if (has_TMPDIR) {
+ setenv("TMPDIR", "/my/tmp/dir", 1);
+ } else {
+ unsetenv("TMPDIR");
+ }
+ char* s1 = tempnam(dir, prefix);
+ char* s2 = tempnam(dir, prefix);
+ ASSERT_MATCH(s1, re);
+ ASSERT_MATCH(s2, re);
+ ASSERT_STRNE(s1, s2);
+ free(s1);
+ free(s2);
+}
+
+TEST(STDIO_TEST, tempnam__system_directory_system_prefix_with_TMPDIR) {
+ tempnam_test(true, nullptr, nullptr, "^/my/tmp/dir/.*");
+}
+
+TEST(STDIO_TEST, tempnam__system_directory_system_prefix_without_TMPDIR) {
+ tempnam_test(false, nullptr, nullptr, "^/data/local/tmp/.*");
+}
+
+TEST(STDIO_TEST, tempnam__system_directory_user_prefix_with_TMPDIR) {
+ tempnam_test(true, nullptr, "prefix", "^/my/tmp/dir/prefix.*");
+}
+
+TEST(STDIO_TEST, tempnam__system_directory_user_prefix_without_TMPDIR) {
+ tempnam_test(false, nullptr, "prefix", "^/data/local/tmp/prefix.*");
+}
+
+TEST(STDIO_TEST, tempnam__user_directory_system_prefix_with_TMPDIR) {
+ tempnam_test(true, "/a/b/c", nullptr, "^/my/tmp/dir/.*");
+}
+
+TEST(STDIO_TEST, tempnam__user_directory_system_prefix_without_TMPDIR) {
+ tempnam_test(false, "/a/b/c", nullptr, "^/a/b/c/.*");
+}
+
+TEST(STDIO_TEST, tempnam__user_directory_user_prefix_with_TMPDIR) {
+ tempnam_test(true, "/a/b/c", "prefix", "^/my/tmp/dir/prefix.*");
+}
+
+TEST(STDIO_TEST, tempnam__user_directory_user_prefix_without_TMPDIR) {
+ tempnam_test(false, "/a/b/c", "prefix", "^/a/b/c/prefix.*");
+}
+
+static void tmpnam_test(char* s) {
+ char s1[L_tmpnam], s2[L_tmpnam];
+
+ strcpy(s1, tmpnam(s));
+ strcpy(s2, tmpnam(s));
+ ASSERT_MATCH(s1, "/tmp/.*");
+ ASSERT_MATCH(s2, "/tmp/.*");
+ ASSERT_STRNE(s1, s2);
+}
+
+TEST(STDIO_TEST, tmpnam) {
+ tmpnam_test(nullptr);
+}
+
+TEST(STDIO_TEST, tmpnam_buf) {
+ char buf[L_tmpnam];
+ tmpnam_test(buf);
+}