2010-05-14 00:27:05 +02:00
diff --git a/server/db.c b/server/db.c
index a4e1558..1d5f5b0 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1059,21 +1059,16 @@ int new_lease_file ()
2007-01-10 17:39:58 +01:00
db_validity = lease_file_is_corrupt;
- /* %Audit% Truncated filename causes panic. %2004.06.17,Safe%
- * This should never happen since the path is a configuration
- * variable from build-time or command-line. But if it should,
- * either by malice or ignorance, we panic, since the potential
- * for havoc is high.
- */
- if (snprintf (newfname, sizeof newfname, "%s.%d",
- path_dhcpd_db, (int)t) >= sizeof newfname)
- log_fatal("new_lease_file: lease file path too long");
-
- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
+ snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db);
+ db_fd = mkstemp (newfname);
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
}
+ if (fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
+ log_error ("Can't fchmod new lease file: %m");
+ goto fail;
+ }
if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
log_error("Can't fdopen new lease file: %m");
close(db_fd);