util/nvmutil: more secure mkstemp

try a few more times until success

explicitly return EEXIST when needed

we try multiple times and check more
thoroughly if a file exists, thus
reducing the risk of race conditions

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 11 insertions, 4 deletions

diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 13919804..58b9fdbf 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -3009,12 +3009,19 @@ static int
 x_i_mkstemp(char *template)
 {
 	int fd;
+	int i;
 
-	if (mktemp(template) == NULL)
-		return -1;
+	for (i = 0; i < 10; i++) {
+		if (mktemp(template) == NULL)
+			return -1;
 
-	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
-	return fd;
+		fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+		if (fd >= 0)
+			return fd;
+	}
+
+	errno = EEXIST;
+	return -1;
 }
 
 static char *