util/mkhtemp: allow relative path with -p

but only -p

not inside the library. that way, we retain
security. symlinks resolved with use of -p;
a warning will be added about this to the
manpage, when written.

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 21 insertions, 0 deletions

diff --git a/util/libreboot-utils/mkhtemp.c b/util/libreboot-utils/mkhtemp.c
index 1f7c8b79..3fa4819f 100644
--- a/util/libreboot-utils/mkhtemp.c
+++ b/util/libreboot-utils/mkhtemp.c
@@ -78,6 +78,8 @@ main(int argc, char *argv[])
 	int type = MKHTEMP_FILE;
 	size_t len;
 
+	char *rp;
+
 #if defined (PATH_LEN) && \
     (PATH_LEN) >= 256
 	size_t maxlen = PATH_LEN;
@@ -85,6 +87,8 @@ main(int argc, char *argv[])
 	size_t maxlen = 4096;
 #endif
 
+	char resolved[maxlen];
+
 	if (lbgetprogname(argv[0]) == NULL)
 		err_no_cleanup(errno, "could not set progname");
 
@@ -119,6 +123,23 @@ main(int argc, char *argv[])
 		err_no_cleanup(EINVAL,
 		    "usage: mkhtemp [-d] [-p dir] [template]\n");
 
+
+	/* user supplied -p PATH - WARNING:
+	 * this permits symlinks, but only here,
+	 * not in the library, so they are resolved
+	 * here first, and *only here*. the mkhtemp
+	 * library blocks them. be careful
+	 * when using -p
+	 */
+	if (tmpdir != NULL) {
+		rp = realpath(tmpdir, resolved);
+		if (rp == NULL)
+			err_no_cleanup(errno,
+			    "%s", tmpdir);
+
+		tmpdir = resolved;
+	}
+
 	if (new_tmp_common(&fd, &s, type, tmpdir) < 0)
 		err_no_cleanup(errno, "%s", s);