[vlc-devel] commit: Added a utf8_mkstemp implementation. (Laurent Aimar )
Rémi Denis-Courmont
rem at videolan.org
Tue Nov 18 00:23:24 CET 2008
On Tuesday 18 November 2008 01:10:37 git version control, you wrote:
> + uint64_t i_rand = mdate();
This is (obviously) predictable pseudo-randomness, not immediately a problem,
but...
> + /* */
> + for( int i = 0; i < 256; i++ )
> + {
> + /* Create a pseudo random file name */
> + for( int j = 0; j < 6; j++ )
> + {
> + i_rand = i_rand * UINT64_C(1103515245) + 12345;
> + psz_rand[j] = digits[((i_rand >> 16) & 0xffff) % i_digits];
> + }
> +
> + /* */
> + int fd = utf8_open( template, O_CREAT | O_EXCL | O_RDWR, 0600 );
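Review bot: the retry loop around utf8_open() should only go round again when the failure is a name collision; the quoted lines stop at the open, so if the code that follows retries on any negative fd, errors such as EACCES or ENOSPC will walk through all 256 names for nothing. Check for errno == EEXIST before continuing. Every candidate name is also a fixed LCG step away from the mdate() seed, so the six characters written to psz_rand carry no more unpredictability than the clock value; taking them from a system randomness source would remove that dependency. The two empty /* */ comments can be dropped or given text.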
...we have an insecure file creation here. To avoid depending on O_NOFOLLOW,
we should probably use mkstemp() on those platforms which do have it.
--
Rémi Denis-Courmont
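
One way to act on the mkstemp() suggestion above, written as an added example that is not part of the original message or of VLC's code: the names make_temp_file and fallback_mkstemp are hypothetical, and the fallback assumes a readable /dev/urandom.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical fallback for platforms without mkstemp(): same contract
 * (template ends in "XXXXXX"; returns an open fd or -1 with errno set). */
int fallback_mkstemp(char *tmpl)
{
    static const char digits[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    size_t len = strlen(tmpl);
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) {
        errno = EINVAL;
        return -1;
    }
    int rnd = open("/dev/urandom", O_RDONLY);   /* kernel CSPRNG, not a clock */
    if (rnd < 0)
        return -1;
    int fd = -1, err = EEXIST;
    for (int i = 0; i < 256 && fd < 0 && err == EEXIST; i++) {
        unsigned char buf[6];
        if (read(rnd, buf, sizeof buf) != (ssize_t)sizeof buf) { err = EIO; break; }
        for (int j = 0; j < 6; j++)
            tmpl[len - 6 + j] = digits[buf[j] % (sizeof digits - 1)];
        /* O_EXCL with O_CREAT fails with EEXIST on any existing name,
         * including a symbolic link, so nothing pre-planted is opened. */
        fd = open(tmpl, O_CREAT | O_EXCL | O_RDWR, 0600);
        err = (fd < 0) ? errno : 0;   /* retry only on a name collision */
    }
    close(rnd);
    if (fd < 0)
        errno = err;
    return fd;
}

/* Hypothetical wrapper: prefer the platform's mkstemp() where it exists. */
int make_temp_file(char *tmpl)
{
#if defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L
    mode_t old = umask(077);   /* older libcs did not force mode 0600 */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
#else
    return fallback_mkstemp(tmpl);
#endif
}
```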