This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
ODBM_File: Avoid TOCTOU and using negative returns.
authorJarkko Hietaniemi <jhi@iki.fi>
Wed, 3 Feb 2016 15:53:23 +0000 (10:53 -0500)
committerJarkko Hietaniemi <jhi@iki.fi>
Sun, 7 Feb 2016 13:23:46 +0000 (08:23 -0500)
commited6087adbd9c90b59cf3f08af7c23a947c00bf69
tree58ecb1f2db9276fffdfa5cb64b825c93f161c882
parent1e9f22634282c74644393ada19904af81932b1dc
ODBM_File: Avoid TOCTOU and using negative returns.

Coverity CID 135022: Argument cannot be negative (NEGATIVE_RETURNS)
Coverity CID 135027: Time of check time of use (TOCTOU)

Replace use of stat()-guarded use of creat() (wow) with open(...O_EXCL...)
(when O_CREAT) so that there is no race condition (TOCTOU) window
between the stat() check for non-existence (which can fail also for
other reasons) and the two (sic) creat() calls.

Similarly, without O_CREAT, use open(...O_RDONLY...) instead of the stat().

Possible problem: arguably, systems old enough to be still using
ODBM_File (or requiring creat()) might not have the O_EXCL.
ext/ODBM_File/ODBM_File.xs