From cd7a01c34fc4304ef8161ee617568f274ace5d24 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 18 Mar 2018 23:13:40 +0100
Subject: Windows: Update libzip to version 1.5.0 that include fixes for some
 security issues.

---
 src/Common/libzip/mkstemp.c | 185 ++++++++++++++++++++++----------------------
 1 file changed, 94 insertions(+), 91 deletions(-)

(limited to 'src/Common/libzip/mkstemp.c')

diff --git a/src/Common/libzip/mkstemp.c b/src/Common/libzip/mkstemp.c
index 2ccd3a48..01a531fc 100644
--- a/src/Common/libzip/mkstemp.c
+++ b/src/Common/libzip/mkstemp.c
@@ -31,8 +31,8 @@
  * SUCH DAMAGE.
  */
 
-#include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 
 #include <assert.h>
 #include <ctype.h>
@@ -40,6 +40,9 @@
 #include <fcntl.h>
 #ifdef _WIN32
 #include <io.h>
+#include <process.h>
+#else
+#include <unistd.h>
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -50,101 +53,101 @@
 
 
 int
-_zip_mkstemp(char *path)
-{
+_zip_mkstemp(char *path) {
 #ifdef _WIN32
-	int ret;
-	ret = _creat(_mktemp(path), _S_IREAD|_S_IWRITE);
-	if (ret == -1) {
-		return 0;
-	} else {
-		return ret;
-	}
+    int ret;
+    ret = _creat(_mktemp(path), _S_IREAD | _S_IWRITE);
+    if (ret == -1) {
+	return 0;
+    }
+    else {
+	return ret;
+    }
 #else
-	int fd;   
-	char *start, *trv;
-	struct stat sbuf;
-	pid_t pid;
-
-	/* To guarantee multiple calls generate unique names even if
-	   the file is not created. 676 different possibilities with 7
-	   or more X's, 26 with 6 or less. */
-	static char xtra[2] = "aa";
-	int xcnt = 0;
-
-	pid = getpid();
-
-	/* Move to end of path and count trailing X's. */
-	for (trv = path; *trv; ++trv)
-		if (*trv == 'X')
-			xcnt++;
-		else
-			xcnt = 0;	
-
-	/* Use at least one from xtra.  Use 2 if more than 6 X's. */
-	if (*(trv - 1) == 'X')
-		*--trv = xtra[0];
-	if (xcnt > 6 && *(trv - 1) == 'X')
-		*--trv = xtra[1];
-
-	/* Set remaining X's to pid digits with 0's to the left. */
-	while (*--trv == 'X') {
-		*trv = (pid % 10) + '0';
-		pid /= 10;
+    int fd;
+    char *start, *trv;
+    struct stat sbuf;
+    pid_t pid;
+
+    /* To guarantee multiple calls generate unique names even if
+       the file is not created. 676 different possibilities with 7
+       or more X's, 26 with 6 or less. */
+    static char xtra[2] = "aa";
+    int xcnt = 0;
+
+    pid = getpid();
+
+    /* Move to end of path and count trailing X's. */
+    for (trv = path; *trv; ++trv)
+	if (*trv == 'X')
+	    xcnt++;
+	else
+	    xcnt = 0;
+
+    /* Use at least one from xtra.  Use 2 if more than 6 X's. */
+    if (*(trv - 1) == 'X')
+	*--trv = xtra[0];
+    if (xcnt > 6 && *(trv - 1) == 'X')
+	*--trv = xtra[1];
+
+    /* Set remaining X's to pid digits with 0's to the left. */
+    while (*--trv == 'X') {
+	*trv = (pid % 10) + '0';
+	pid /= 10;
+    }
+
+    /* update xtra for next call. */
+    if (xtra[0] != 'z')
+	xtra[0]++;
+    else {
+	xtra[0] = 'a';
+	if (xtra[1] != 'z')
+	    xtra[1]++;
+	else
+	    xtra[1] = 'a';
+    }
+
+    /*
+     * check the target directory; if you have six X's and it
+     * doesn't exist this runs for a *very* long time.
+     */
+    for (start = trv + 1;; --trv) {
+	if (trv <= path)
+	    break;
+	if (*trv == '/') {
+	    *trv = '\0';
+	    if (stat(path, &sbuf))
+		return (0);
+	    if (!S_ISDIR(sbuf.st_mode)) {
+		errno = ENOTDIR;
+		return (0);
+	    }
+	    *trv = '/';
+	    break;
 	}
-
-	/* update xtra for next call. */
-	if (xtra[0] != 'z')
-		xtra[0]++;
-	else {
-		xtra[0] = 'a';
-		if (xtra[1] != 'z')
-			xtra[1]++;
+    }
+
+    for (;;) {
+	if ((fd = open(path, O_CREAT | O_EXCL | O_RDWR | O_BINARY, 0600)) >= 0)
+	    return (fd);
+	if (errno != EEXIST)
+	    return (0);
+
+	/* tricky little algorithm for backward compatibility */
+	for (trv = start;;) {
+	    if (!*trv)
+		return (0);
+	    if (*trv == 'z')
+		*trv++ = 'a';
+	    else {
+		if (isdigit((unsigned char)*trv))
+		    *trv = 'a';
 		else
-			xtra[1] = 'a';
-	}
-
-	/*
-	 * check the target directory; if you have six X's and it
-	 * doesn't exist this runs for a *very* long time.
-	 */
-	for (start = trv + 1;; --trv) {
-		if (trv <= path)
-			break;
-		if (*trv == '/') {
-			*trv = '\0';
-			if (stat(path, &sbuf))
-				return (0);
-			if (!S_ISDIR(sbuf.st_mode)) {
-				errno = ENOTDIR;
-				return (0);
-			}
-			*trv = '/';
-			break;
-		}
-	}
-
-	for (;;) {
-		if ((fd=open(path, O_CREAT|O_EXCL|O_RDWR|O_BINARY, 0600)) >= 0)
-			return (fd);
-		if (errno != EEXIST)
-			return (0);
-
-		/* tricky little algorithm for backward compatibility */
-		for (trv = start;;) {
-			if (!*trv)
-				return (0);
-			if (*trv == 'z')
-				*trv++ = 'a';
-			else {
-				if (isdigit((unsigned char)*trv))
-					*trv = 'a';
-				else
-					++*trv;
-				break;
-			}
-		}
+		    ++*trv;
+		break;
+	    }
 	}
+    }
 	/*NOTREACHED*/
 #endif
 }
-- 
cgit v1.2.3