umgeher/erlware_commons
0
Fork 0
Code Issues Pull requests Releases Activity

make mkdtemp a lot more secure (still not fully secure but more).

Browse source
This commit is contained in:
Eric Merritt 2012-06-05 17:54:46 -05:00
parent 3e6357aea9
commit 10557e421e
1 changed files with 13 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/ec_file.erl
View file

@ -109,14 +109,21 @@ is_symlink(Path) ->
%% function of the same name. %% function of the same name.
-spec mkdtemp() -> TmpDirPath::path(). -spec mkdtemp() -> TmpDirPath::path().
mkdtemp() -> mkdtemp() ->
UniqueNumber = integer_to_list(element(3, now())), random:seed(now()),
UniqueNumber = erlang:integer_to_list(erlang:trunc(random:uniform() * 1000000000000)),
TmpDirPath = TmpDirPath =
filename:join([tmp(), lists:flatten([".tmp_dir", UniqueNumber])]), filename:join([tmp(), lists:flatten([".tmp_dir", UniqueNumber])]),
try
ok = mkdir_path(TmpDirPath), case filelib:is_dir(TmpDirPath) of
TmpDirPath true ->
catch throw(?UEX({mkdtemp_failed, file_exists}, "tmp directory exists", []));
_C:E -> throw(?UEX({mkdtemp_failed, E}, ?CHECK_PERMS_MSG, [])) false ->
try
ok = mkdir_path(TmpDirPath),
TmpDirPath
catch
_C:E -> throw(?UEX({mkdtemp_failed, E}, ?CHECK_PERMS_MSG, []))
end
end. end.