Hello everybody. Hope you don't mind 2 cents from an outsider ...

On 02/23/2012 12:48 AM, Junio C Hamano wrote:
>
> Tim Henigan <tim.henigan@xxxxxxxxx> writes:
>
>> +# mktemp is not available on all platforms (missing from msysgit)
>> +# Use a hard-coded tmp dir if it is not available
>> +tmp="$(mktemp -d -t tmp.XXXXXX 2>/dev/null)" || {
>> + tmp=/tmp/git-diffall-tmp
>> +}
>
> It would not withstand malicious attacks, but doing
>
> tmp=/tmp/git-diffall-tmp.$$
>
> would at least protect you from accidental name crashes better in the
> fallback codepath.
>
Maybe this would be enough to withstand malicious attacks (even if not
denial-of-service attacks):

    # mktemp is not available on all platforms (missing from msysgit)
    tmp=$(mktemp -d -t tmp.XXXXXX 2>/dev/null) || {
        tmp=/tmp/git-diffall-tmp.$$
        mkdir "$tmp" || fatal "couldn't create temporary directory"
    }

>
>> +mkdir -p "$tmp"
>
At which point this should be removed, of course.

Regards,
  Stefano
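Review bot: the fallback branch assigns the fixed path `tmp=/tmp/git-diffall-tmp`, and the later `mkdir -p "$tmp"` succeeds without complaint when that path already exists, so the script can end up working in a directory it did not create (left by an earlier run, or owned by another user of the machine). Use a per-process name in the fallback and create it with a plain `mkdir "$tmp"` whose failure aborts the script. The unconditional `mkdir -p "$tmp"` is also redundant when `mktemp -d` succeeded, since that call has already created the directory.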
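The fallback discussed in this thread, as an added example that is not part of any message or of the git-diffall patch: it shows that `mkdir` without `-p` refuses a path that already exists, including a symlink planted at the predictable name. The function name `make_private_tmpdir`, its arguments and the `no-mktemp` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. make_private_tmpdir and the
# "no-mktemp" switch are hypothetical names used for illustration.

# Create a private temporary directory and print its path.
#   $1  base directory (default: ${TMPDIR:-/tmp})
#   $2  "no-mktemp" forces the fallback branch, standing in for a
#       platform without mktemp (constructed switch, demo only)
make_private_tmpdir() {
	base=${1:-${TMPDIR:-/tmp}}
	if [ "$2" != "no-mktemp" ] &&
	   dir=$(mktemp -d "$base/git-diffall-tmp.XXXXXX" 2>/dev/null)
	then
		printf '%s\n' "$dir"
		return 0
	fi
	# Fallback: the name is predictable, so the protection comes from
	# mkdir itself. Without -p it fails if the path already exists as
	# a directory, a file or a symlink, so a pre-created path is
	# rejected instead of silently reused. umask 077 keeps the new
	# directory private to the current user.
	dir=$base/git-diffall-tmp.$$
	(umask 077 && mkdir "$dir") 2>/dev/null || {
		echo "couldn't create temporary directory $dir" >&2
		return 1
	}
	printf '%s\n' "$dir"
}

# Demonstration inside a scratch directory that is removed on exit.
scratch=$(make_private_tmpdir) || exit 1
trap 'rm -rf "$scratch"' EXIT
first=$(make_private_tmpdir "$scratch" no-mktemp) && echo "created: $first"
make_private_tmpdir "$scratch" no-mktemp 2>/dev/null || echo "second attempt refused"
```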