diff options
| author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-09 15:21:18 +0000 |
|---|---|---|
| committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-09 15:21:18 +0000 |
| commit | 932f46ae65ff8373f9ea41564c4de114d129e3e8 (patch) | |
| tree | 2d354eae1c46679af1da1f8073d1ed1fb3e1d7cf | |
| parent | 63abedabf81d682db1a3063562c6141821e2023d (diff) | |
mjit.c: exclusively create
* mjit.c (convert_unit_to_func): create new file exclusively.
overwriting existing file could cause security issues.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62334 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | mjit.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -747,6 +747,7 @@ convert_unit_to_func(struct rb_mjit_unit *unit) { char c_file_buff[70], *c_file = c_file_buff, *so_file, funcname[35]; int success; + int fd; FILE *f; void *func; double start_time, end_time; @@ -766,9 +767,11 @@ convert_unit_to_func(struct rb_mjit_unit *unit) memcpy(&so_file[c_file_len - sizeof(c_ext)], so_ext, sizeof(so_ext)); sprintf(funcname, "_mjit%d", unit->id); - f = fopen(c_file, "w"); - if (f == NULL) { - verbose(1, "Failed to fopen '%s', giving up JIT for it (%s)", c_file, strerror(errno)); + fd = rb_cloexec_open(c_file, O_WRONLY|O_EXCL|O_CREAT, 0600); + if (fd < 0 || (f = fdopen(fd, "w")) == NULL) { + int e = errno; + if (fd >= 0) (void)close(fd); + verbose(1, "Failed to fopen '%s', giving up JIT for it (%s)", c_file, strerror(e)); return (mjit_func_t)NOT_COMPILABLE_JIT_ISEQ_FUNC; } |