Use mkotemp() instead of mkstemp()

This uses mkostemp() instead of mkstemp(), passing along the `O_CLOEXEC` flag, which makes sure that the file descriptor is closed and won't be leaked into any child process, which was previously an issue due to a missing fclose() (Yubico#136).
kbabioch · Apr 6, 2018 · 19b6b36 · 19b6b36
1 parent 7f33526
commit 19b6b36
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pam_yubico.c b/pam_yubico.c
@@ -654,7 +654,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   strcpy(tmpfile, userfile);
   strcat(tmpfile, TMPFILE_SUFFIX);
 
-  fd = mkstemp(tmpfile);
+  fd = mkostemp(tmpfile, O_CLOEXEC);
   if (fd < 0) {
       DBG ("Cannot open file: %s (%s)", tmpfile, strerror(errno));
       goto restpriv_out;