mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Better randomization of stats filenames. (GH-30145)

Browse source
This commit is contained in:
Mark Shannon 2021-12-16 15:56:01 +00:00 committed by GitHub
parent 30322c497e
commit 86f42851c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Python/specialize.c
View file

@ -167,8 +167,20 @@ _Py_PrintSpecializationStats(int to_file)
# else
const char *dirname = "/tmp/py_stats/";
# endif
char buf[48];
sprintf(buf, "%s%u_%u.txt", dirname, (unsigned)clock(), (unsigned)rand());
/* Use random 160 bit number as file name,
* to avoid both accidental collisions and
* symlink attacks. */
unsigned char rand[20];
char hex_name[41];
_PyOS_URandomNonblock(rand, 20);
for (int i = 0; i < 20; i++) {
hex_name[2*i] = "0123456789abcdef"[rand[i]&15];
hex_name[2*i+1] = "0123456789abcdef"[(rand[i]>>4)&15];
}
hex_name[40] = '\0';
char buf[64];
assert(strlen(dirname) + 40 + strlen(".txt") < 64);
sprintf(buf, "%s%s.txt", dirname, hex_name);
FILE *fout = fopen(buf, "w");
if (fout) {
out = fout;