make mkdtemp a lot more secure (still not fully secure but more).

2012-06-05 17:54:46 -05:00 · 2012-06-05 17:54:46 -05:00 · 10557e421e
commit 10557e421e
parent 3e6357aea9
1 changed files with 13 additions and 6 deletions
--- a/src/ec_file.erl
+++ b/src/ec_file.erl
@ -109,14 +109,21 @@ is_symlink(Path) ->
 %% function of the same name.
 -spec mkdtemp() -> TmpDirPath::path().
 mkdtemp() ->
-    UniqueNumber = integer_to_list(element(3, now())),
+    random:seed(now()),
+    UniqueNumber = erlang:integer_to_list(erlang:trunc(random:uniform() * 1000000000000)),
    TmpDirPath =
        filename:join([tmp(), lists:flatten([".tmp_dir", UniqueNumber])]),
-    try
-        ok = mkdir_path(TmpDirPath),
-        TmpDirPath
-    catch
-        _C:E -> throw(?UEX({mkdtemp_failed, E}, ?CHECK_PERMS_MSG, []))
+
+    case filelib:is_dir(TmpDirPath) of
+        true ->
+            throw(?UEX({mkdtemp_failed, file_exists}, "tmp directory exists", []));
+        false ->
+            try
+                ok = mkdir_path(TmpDirPath),
+                TmpDirPath
+            catch
+                _C:E -> throw(?UEX({mkdtemp_failed, E}, ?CHECK_PERMS_MSG, []))
+            end
    end.