From 1c118bea61453beb66cb2ecb401cf3c51818f0b7 Mon Sep 17 00:00:00 2001
From: Enno Boland
Date: Thu, 10 Aug 2023 13:53:21 +0200
Subject: [PATCH] tools/unpack: replace unlink/extract semantic with extract/move. This fixes a time-of-creation to time-of-use race condition vulnerability.
---
 tools/unpack.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/tools/unpack.c b/tools/unpack.c
index 9993857f9..883a0e040 100644
--- a/tools/unpack.c
+++ b/tools/unpack.c
@@ -163,10 +163,16 @@ extract_file(
 const struct PathStack *path_stack) {
 int rv = 0;
 FILE *stream = NULL;
+ char tmp_filename[] = ".sqsh-unpack-XXXXXX";
- stream = fopen(filename, "w");
+ int fd = mkstemp(tmp_filename);
+ if (fd < 0) {
+ print_err(rv = -errno, "mkstemp", path_stack);
+ goto out;
+ }
+ stream = fdopen(fd, "w");
 if (stream == NULL) {
- print_err(rv = -errno, "fopen", path_stack);
+ print_err(rv = -errno, "fdopen", path_stack);
 goto out;
 }
@@ -177,6 +183,12 @@ extract_file(
 goto out;
 }
 fclose(stream);
+
+ rv = rename(tmp_filename, filename);
+ if (rv < 0 && errno != ENOENT) {
+ print_err(rv = -errno, "unlink", path_stack);
+ goto out;
+ }
 out:
 return rv;
 }
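Review bot: The failure branches added around `mkstemp`/`fdopen` never clean up the temporary file: when `fdopen` fails, the descriptor `fd` stays open and the `.sqsh-unpack-XXXXXX` file is left on disk. The same holds for the later `goto out` paths, including the rename failure branch in the second hunk. Before `goto out` in the `fdopen` branch add `close(fd); unlink(tmp_filename);`, and unlink the temporary name on the other failure paths too. Also, `mkstemp` creates the file with mode 0600 whereas `fopen(filename, "w")` followed the umask, so unless code outside this hunk sets the mode afterwards, extracted files become owner-only. The body of extract_file starts above this hunk and continues below it.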
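Review bot: The `errno != ENOENT` exemption on the `rename` check looks like a leftover from the unlink-based code and now hides a real failure. If `rename` fails with ENOENT, nothing is printed, the file is not put in place, and `rv` falls through to `out:` as the raw `-1` rather than a negated errno value. The message label is also still `"unlink"`. Suggest `if (rv < 0) {` with `print_err(rv = -errno, "rename", path_stack);` so every rename failure is reported under the right name. Separately, the result of `fclose(stream)` just above is ignored, so a file whose final flush failed would still be renamed into place.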