From 545db8cd292957158bf3fa1c1c370e4be83c6688 Mon Sep 17 00:00:00 2001
From: Robert Buchholz
Date: Tue, 6 Jan 2009 23:26:00 +0100
Subject: [PATCH] Use mktemp instead of relying that $$-$RANDOM-$RANDOM does not exist.

References:
* CVE-2008-4953
* https://bugs.gentoo.org/246013
---
 firehol.sh | 25 +++++++++----------------
 1 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/firehol.sh b/firehol.sh
index 6acb497..f5dba16 100755
--- a/firehol.sh
+++ b/firehol.sh
@@ -238,8 +238,15 @@ ${IPTABLES_CMD} -nxvL >/dev/null 2>&1
 # ----------------------------------------------------------------------
 # Directories and files
 
-# These files will be created and deleted during our run.
-FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}"
+# Create an empty temporary directory we need for this run.
+if ! FIREHOL_DIR="`mktemp -d -t .firehol-tmp-XXXXXX`"
+then
+ echo >&2
+ echo >&2
+ echo >&2 "Cannot create temporary directory."
+ echo >&2
+ exit 1
+fi
 FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains"
 FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh"
 FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh"
@@ -329,20 +336,6 @@ then
 "${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services"
 fi
 
-# Remove any old directories that might be there.
-if [ -d "${FIREHOL_DIR}" ]
-then
- "${RM_CMD}" -rf "${FIREHOL_DIR}"
- if [ $? -ne 0 -o -e "${FIREHOL_DIR}" ]
- then
- echo >&2
- echo >&2
- echo >&2 "Cannot clean temporary directory '${FIREHOL_DIR}'."
- echo >&2
- exit 1
- fi
-fi
-"${MKDIR_CMD}" "${FIREHOL_DIR}" || exit 1
 "${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}" || exit 1
 
 # prepare the file that will hold all modules to be loaded.
-- 
1.6.0.4
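Review bot: In the first hunk the new `mktemp` call in the `FIREHOL_DIR` assignment is looked up through `PATH` as a bare name, while every other external tool visible in this patch goes through a variable (`${IPTABLES_CMD}`, `${CHMOD_CMD}`, `${RM_CMD}`, `${MKDIR_CMD}`). Since files under this directory include `firehol-out.sh` and the script is normally run as root, the directory-creation step should use the same lookup scheme if one is already in scope at this point of the file, which the hunk does not show. With `-t` the directory is now created under `$TMPDIR` when that is set rather than the previously fixed `/tmp`, so the comment should say so, for example `# mktemp -d creates a fresh directory readable only by its owner (subject to umask); -t honours $TMPDIR`. As a style point, `"$(mktemp -d -t .firehol-tmp-XXXXXX)"` reads better than the backtick form; the exit-status test on the assignment itself is fine.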