From 4a2040bc0e31b797d1e666c14c969b49016d0dad Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sylvestre@debian.org>
Date: Mon, 16 Jun 2014 20:31:15 +0000
Subject: [PATCH] Check that the directory does not exist. Otherwise, it could
 allows local users to obtain sensitive information or overwrite arbitrary
 files via a symlink attack on temporary directories with predictable names.

Reported as CVE-2014-2893 ( https://security-tracker.debian.org/tracker/CVE-2014-2893 )
Found by Jakub Wilk



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@211051 91177308-0d34-0410-b5e6-96231b3b80d8
---
 tools/scan-build/scan-build | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/scan-build/scan-build b/tools/scan-build/scan-build
index 862bd3a4ca..b740cd21e6 100755
--- a/tools/scan-build/scan-build
+++ b/tools/scan-build/scan-build
@@ -206,6 +206,12 @@ sub GetHTMLRunDir {
   else {
     $NewDir = "$Dir/$DateString-$RunNumber";
   }
+
+  # Make sure that the directory does not exist in order to avoid hijack.
+  if (-d $NewDir) {
+      DieDiag("The directory '$NewDir' already exists.\n");
+  }
+
   mkpath($NewDir);
   return $NewDir;
 }