mingw: avoid mktemp() in mkstemp() implementation

The implementation of mkstemp() for MinGW uses mktemp() and open()
without the flag O_EXCL, which is racy.  It's not a security problem
for now because all of its callers only create files within the
repository (incl. worktrees).  Replace it with a call to our more
secure internal function, git_mkstemp_mode(), to prevent possible
future issues.

Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/compat/mingw.c b/compat/mingw.c
index 41fc16310c8018057be238efdd348fdee94616bd..e92087acc659e65b3ce8bc1ee9ea78cce5537efb 100644 (file)
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -1044,10 +1044,7 @@ char *mingw_mktemp(char *template)
 
 int mkstemp(char *template)
 {
-       char *filename = mktemp(template);
-       if (filename == NULL)
-               return -1;
-       return open(filename, O_RDWR | O_CREAT, 0600);
+       return git_mkstemp_mode(template, 0600);
 }
 
 int gettimeofday(struct timeval *tv, void *tz)