From f62ac24d8fa4fe972b6bc9a3f942cd25367fe4d3 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Mon, 16 Mar 2026 16:12:02 +0000
Subject: util/nvmutil: more secure mkstemp

try a few more times until success

explicitly return EEXIST when needed

we try multiple times and check more
thoroughly if a file exists, thus
reducing the risk of race conditions

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/nvmutil.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 13919804..58b9fdbf 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -3009,12 +3009,19 @@ static int
 x_i_mkstemp(char *template)
 {
 	int fd;
+	int i;
 
-	if (mktemp(template) == NULL)
-		return -1;
+	for (i = 0; i < 10; i++) {
+		if (mktemp(template) == NULL)
+			return -1;
 
-	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
-	return fd;
+		fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+		if (fd >= 0)
+			return fd;
+	}
+
+	errno = EEXIST;
+	return -1;
 }
 
 static char *
-- 
cgit v1.2.1