From 6dee97715003d5f508f5e9e761f7ad8ae259254e Mon Sep 17 00:00:00 2001
From: Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
Date: Sun, 18 Dec 2005 21:52:53 +0000
Subject: [PATCH] * ltmain.in (func_mktempdir): New, backported from HEAD.
 (relink mode): Use it.  Fixes potential denial of service through malicious
 other local user. Reported by James Kosin <jkosin@intcomgrp.com>.

---
 ChangeLog |  7 +++++++
 ltmain.in | 50 ++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 638bbd925..b6a21129f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-12-18  Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
+
+	* ltmain.in (func_mktempdir): New, backported from HEAD.
+	(relink mode): Use it.  Fixes potential denial of service
+	through malicious other local user.
+	Reported by James Kosin <jkosin@intcomgrp.com>.
+
 2005-12-18  Peter O'Gorman  <peter@pogma.com>,
 	    Ralf Wildenhues  <Ralf.Wildenhues@gmx.de>
 
diff --git a/ltmain.in b/ltmain.in
index 05b0687ca..807729477 100644
--- a/ltmain.in
+++ b/ltmain.in
@@ -141,6 +141,43 @@ o2lo="s/\\.${objext}\$/.lo/"
 # Shell function definitions:
 # This seems to be the best place for them
 
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+	# Failing that, at least try and use $RANDOM to avoid a race
+	my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+	save_mktempdir_umask=`umask`
+	umask 0077
+	$mkdir "$my_tmpdir"
+	umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || {
+        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+	exit $EXIT_FAILURE
+      }
+    fi
+
+    $echo "X$my_tmpdir" | $Xsed
+}
+
+
 # func_win32_libid arg
 # return the library type of file 'arg'
 #
@@ -6096,18 +6133,7 @@ relink_command=\"$relink_command\""
 	  outputname=
 	  if test "$fast_install" = no && test -n "$relink_command"; then
 	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir="/tmp"
-	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
-	      tmpdir="$tmpdir/libtool-$$"
-	      save_umask=`umask`
-	      umask 0077
-	      if $mkdir "$tmpdir"; then
-	        umask $save_umask
-	      else
-	        umask $save_umask
-		$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
-		continue
-	      fi
+	      tmpdir=`func_mktempdir`
 	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
 	      outputname="$tmpdir/$file"
 	      # Replace the output file specification.
-- 
2.47.3