util/mkhtemp: allow relative path with -p

but only -p not inside the library. that way, we retain security. symlinks resolved with use of -p; a warning will be added about this to the manpage, when written. Signed-off-by: Leah Rowe <leah@libreboot.org>
2026-03-25 13:29:03 +02:00 · 2026-03-24 20:23:00 +00:00
parent 715723c7ce
commit b8a045ef86
1 changed files with 21 additions and 0 deletions
--- a/util/libreboot-utils/mkhtemp.c
+++ b/util/libreboot-utils/mkhtemp.c
@@ -78,6 +78,8 @@ main(int argc, char *argv[])
 	int type = MKHTEMP_FILE;
 	size_t len;

+	char *rp;
+
 #if defined (PATH_LEN) && \
    (PATH_LEN) >= 256
 	size_t maxlen = PATH_LEN;
@@ -85,6 +87,8 @@ main(int argc, char *argv[])
 	size_t maxlen = 4096;
 #endif

+	char resolved[maxlen];
+
 	if (lbgetprogname(argv[0]) == NULL)
 		err_no_cleanup(errno, "could not set progname");

@@ -119,6 +123,23 @@ main(int argc, char *argv[])
 		err_no_cleanup(EINVAL,
 		    "usage: mkhtemp [-d] [-p dir] [template]\n");

+
+	/* user supplied -p PATH - WARNING:
+	 * this permits symlinks, but only here,
+	 * not in the library, so they are resolved
+	 * here first, and *only here*. the mkhtemp
+	 * library blocks them. be careful
+	 * when using -p
+	 */
+	if (tmpdir != NULL) {
+		rp = realpath(tmpdir, resolved);
+		if (rp == NULL)
+			err_no_cleanup(errno,
+			    "%s", tmpdir);
+
+		tmpdir = resolved;
+	}
+
 	if (new_tmp_common(&fd, &s, type, tmpdir) < 0)
 		err_no_cleanup(errno, "%s", s);