From ec06b220e424e2900e3c66dff6a3fde6a2327204 Mon Sep 17 00:00:00 2001
From: Joachim Nilsson <troglobit@gmail.com>
Date: Wed, 6 Nov 2019 07:04:06 +0100
Subject: [PATCH] If available, use O_TMPFILE, fix insecure tempfile found by
 Coverity

Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
---
 src/syslogd.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/syslogd.c b/src/syslogd.c
index 1717fcb..8e9e42c 100644
--- a/src/syslogd.c
+++ b/src/syslogd.c
@@ -2249,8 +2249,20 @@ static int cffwd(void)
 static FILE *cftemp(void)
 {
 	FILE *fp;
+#ifdef O_TMPFILE
+	mode_t oldmask;
+	int fd;
 
+	oldmask = umask(0077);
+	fd = open(_PATH_TMP, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
+	umask(oldmask);
+	if (-1 == fd)
+		return NULL;
+
+	fp = fdopen(fd, "w+");
+#else
 	fp = tmpfile();
+#endif
 	if (!fp)
 		return NULL;