From 491998131f18d136ca37f15898d07062ad7a1fae Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 24 Feb 2021 21:50:11 +0100
Subject: lacme: improve install_cert()'s handling of temporary files.
---
 lacme | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/lacme b/lacme
index b52cddd..102deb6 100755
--- a/lacme
+++ b/lacme
@@ -660,12 +660,10 @@ sub spawn($@) {
 #
 sub install_cert(%) {
 my %args = @_;
- my $filename = $args{path} // die;
+ my $path = $args{path} // die;
- my ($dirname, $basename) =
- $filename =~ /\A(.*)\/([^\/]+)\z/ ? ($1, $2) : ('.', $filename);
- my $fh = File::Temp::->new(UNLINK => 0, DIR => $dirname,
- TEMPLATE => "$basename.XXXXXX") // die;
+ my $fh = File::Temp::->new(TEMPLATE => "$path.XXXXXXXXXX", UNLINK => 0) // die;
+ my $path_tmp = $fh->filename();
 eval {
 if ($args{nochain}) {
@@ -707,13 +705,14 @@ sub install_cert(%) {
 $fh->close() or die "close: $!";
 };
- my $path = $fh->filename();
 if ($@) {
- print STDERR "Unlinking $path\n" if $OPTS{debug};
- unlink $path or warn "unlink($path): $!";
+ print STDERR "Unlinking $path_tmp\n" if $OPTS{debug};
+ unlink $path_tmp or warn "unlink($path_tmp): $!";
 die $@;
+ } else {
+ # atomically replace $path if it exists
+ rename($path_tmp, $path) or die "rename($path_tmp, $path): $!";
 }
- rename($path, $filename) or die "rename($path, $filename): $!";
 }
--
cgit v1.2.3
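Review bot: Nothing in the first hunk records why the temporary file is created from `"$path.XXXXXXXXXX"` with no `DIR`, yet the later rename() is only atomic because File::Temp then places the file in `$path`'s own directory, on the same filesystem. I would add a comment above the call such as `# temp file must sit next to $path so the final rename() stays on one filesystem; UNLINK => 0 because we unlink or rename it ourselves`, so that a later edit does not add `TMPDIR => 1` and lose that property. Separately, the two bare `// die` give no message, and the second is probably unreachable, since File::Temp appears to croak on failure rather than return undef. install_cert's body continues outside the hunk.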
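Review bot: The `rename($path_tmp, $path)` in the new `else` branch of the second hunk is atomic for the directory entry only; nothing visible forces the file's contents to disk first, so a crash shortly after the rename could leave `$path` empty or truncated, which for a certificate file can mean services failing to start. If the part of the eval above this hunk does not already do it, flush and fsync before the close: `$fh->flush() or die "flush: $!";` and `$fh->sync() or die "fsync: $!";` ahead of `$fh->close()`. The comment could then state what is actually guaranteed, e.g. `# replace $path in one step; readers see either the old or the new file`. The eval block starts outside the hunk, so this depends on what precedes the close.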