From 70b6f35a846f7b85bd11e66c1f23feee6b369688 Mon Sep 17 00:00:00 2001
From: Nikolas Garofil
Date: Fri, 11 Feb 2011 18:30:04 +0100
Subject: [PATCH] fix racecondition in eve, based on a patch from Vasiliy Kulikov, based on a patch from Brandon
---
 src/eve.cc | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/src/eve.cc b/src/eve.cc
index 29b8c45c..40853d6a 100644
--- a/src/eve.cc
+++ b/src/eve.cc
@@ -254,19 +254,6 @@ static char *formatTime(struct tm *ends)
 }
 }
-static int file_exists(const char *filename)
-{
- struct stat fi;
-
- if ((stat(filename, &fi)) == 0) {
- if (fi.st_size > 0)
- return 1;
- else
- return 0;
- } else
- return 0;
-}
-
 static void writeSkilltree(char *content, const char *filename)
 {
 FILE *fp = fopen(filename, "w");
@@ -283,14 +270,12 @@ static char *getSkillname(const char *file, int skillid)
 xmlDocPtr doc = 0;
 xmlNodePtr root = 0;
- if (!file_exists(file)) {
- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
-//2x file_exits() so that someone (malicious?) couldn't create it during during the previous call
- if (!file_exists(file)) writeSkilltree(skilltree, file);
- free(skilltree);
- }
+ skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+ writeSkilltree(skilltree, file);
+ free(skilltree);
 doc = xmlReadFile(file, NULL, 0);
+ unlink(file);
 if (!doc) return NULL;
@@ -341,7 +326,7 @@ static char *getSkillname(const char *file, int skillid)
 static char *eve(char *userid, char *apikey, char *charid)
 {
 Character *chr = NULL;
- const char *skillfile = "/tmp/.cesf";
+ char skillfile[] = "/tmp/.cesfXXXXXX";
 int i = 0;
 char *output = 0;
 char *timel = 0;
@@ -349,6 +334,7 @@ static char *eve(char *userid, char *apikey, char *charid)
 char *content = 0;
 time_t now = 0;
 char *error = 0;
+ int tmp_fd, old_umask;
 for (i = 0; i < MAXCHARS; i++) {
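Review bot: In getSkillname the skill tree is written to `file` and read straight back, so the path is reopened by name twice (the `fopen(filename, "w")` in writeSkilltree, then `xmlReadFile`) after the descriptor that created it has been closed, and `unlink(file)` only runs after both. Since `skilltree` is already in memory, parsing it directly would remove the temporary file and the remaining by-name window altogether: `doc = xmlReadMemory(skilltree, strlen(skilltree), NULL, NULL, 0);` placed before `free(skilltree);`. The result of getXmlFromAPI is also used without a NULL check on the visible lines, so `if (!skilltree) return NULL;` should come first. Note too that the tree is now downloaded on every call rather than cached, which the commit message does not mention. getSkillname begins and ends outside this hunk.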
@@ -401,6 +387,14 @@ static char *eve(char *userid, char *apikey, char *charid)
 output = (char *)malloc(200 * sizeof(char));
 timel = formatTime(&chr->ends);
+ old_umask = umask(0066);
+ tmp_fd = mkstemp(skillfile);
+ umask(old_umask);
+ if (tmp_fd == -1) {
+ error = strdup("Cannot create temporary file");
+ return error;
+ }
+ close(tmp_fd);
 skill = getSkillname(skillfile, chr->skill);
 chr->skillname = strdup(skill);
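Review bot: The new `return error;` on mkstemp failure leaks `output`, allocated two lines earlier, and presumably `timel` as well; either add `free(output); free(timel);` before the return or create the temporary file before those allocations. The `umask(0066)` / `umask(old_umask)` pair changes a process-wide setting, so any other thread creating a file in that window inherits the mask; mkstemp already creates the file with mode 0600 on POSIX.1-2008 systems, so the pair can likely be dropped. getSkillname can return NULL (`if (!doc) return NULL;`), and the unchanged `strdup(skill)` below would then be handed a null pointer, which is more reachable now that every call depends on a fresh download, so `skill` should be checked before that line. The body of eve() starts and continues outside this hunk.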