From 932f46ae65ff8373f9ea41564c4de114d129e3e8 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 9 Feb 2018 15:21:18 +0000
Subject: mjit.c: exclusively create

* mjit.c (convert_unit_to_func): create new file exclusively.
  overwriting existing file could cause security issues.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62334 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 mjit.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'mjit.c')

diff --git a/mjit.c b/mjit.c
index 9c4269cc9f..660c238b44 100644
--- a/mjit.c
+++ b/mjit.c
@@ -747,6 +747,7 @@ convert_unit_to_func(struct rb_mjit_unit *unit)
 {
     char c_file_buff[70], *c_file = c_file_buff, *so_file, funcname[35];
     int success;
+    int fd;
     FILE *f;
     void *func;
     double start_time, end_time;
@@ -766,9 +767,11 @@ convert_unit_to_func(struct rb_mjit_unit *unit)
     memcpy(&so_file[c_file_len - sizeof(c_ext)], so_ext, sizeof(so_ext));
     sprintf(funcname, "_mjit%d", unit->id);
 
-    f = fopen(c_file, "w");
-    if (f == NULL) {
-        verbose(1, "Failed to fopen '%s', giving up JIT for it (%s)", c_file, strerror(errno));
+    fd = rb_cloexec_open(c_file, O_WRONLY|O_EXCL|O_CREAT, 0600);
+    if (fd < 0 || (f = fdopen(fd, "w")) == NULL) {
+        int e = errno;
+        if (fd >= 0) (void)close(fd);
+        verbose(1, "Failed to fopen '%s', giving up JIT for it (%s)", c_file, strerror(e));
         return (mjit_func_t)NOT_COMPILABLE_JIT_ISEQ_FUNC;
     }
 
-- 
cgit v1.2.3