From 5b2c9c3bedd3e4c89c60fb62aa8738c50455508d Mon Sep 17 00:00:00 2001 From: Karol Babioch Date: Thu, 5 Apr 2018 14:28:03 +0200 Subject: [PATCH] Use mkotemp() instead of mkstemp() This uses mkostemp() instead of mkstemp(), passing along the `O_CLOEXEC` flag, which makes sure that the file descriptor is closed and won't be leaked into any child process, which was previously an issue due to a missing fclose() (#136). --- pam_yubico.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam_yubico.c b/pam_yubico.c index c36ca0e5..e4672424 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -654,7 +654,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username) strcpy(tmpfile, userfile); strcat(tmpfile, TMPFILE_SUFFIX); - fd = mkstemp(tmpfile); + fd = mkostemp(tmpfile, O_CLOEXEC); if (fd < 0) { DBG ("Cannot open file: %s (%s)", tmpfile, strerror(errno)); goto restpriv_out;