[vlc-devel] [PATCH v2 13/13] vorepository: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
Steve Lhomme
robux4 at ycbcr.xyz
Tue Oct 6 09:20:07 CEST 2020
On 2020-10-06 8:02, Lyndon Brown wrote:
> From: Lyndon Brown <jnqnfe at gmail.com>
> Date: Tue, 6 Oct 2020 02:55:30 +0100
> Subject: vorepository: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
>
> resolves warning about insecure function
>
> diff --git a/modules/misc/addons/vorepository.c b/modules/misc/addons/vorepository.c
> index 06f02ce239..72b751c775 100644
> --- a/modules/misc/addons/vorepository.c
> +++ b/modules/misc/addons/vorepository.c
> @@ -400,20 +400,10 @@ static int Retrieve( addons_finder_t *p_finder, addon_entry_t *p_entry )
> FREENULL( p_finder->p_sys->psz_tempfile );
> }
>
> - p_finder->p_sys->psz_tempfile = tempnam( NULL, "vlp" );
> - if ( !p_finder->p_sys->psz_tempfile )
> - {
> - msg_Err( p_finder, "Can't create temp storage file" );
> - vlc_stream_Delete( p_stream );
> - return VLC_EGENERIC;
> - }
> -
> - int fd = vlc_open( p_finder->p_sys->psz_tempfile,
> - O_WRONLY | O_CREAT | O_EXCL, 0600 );
> + int fd = vlc_MakeTmpFile(&p_finder->p_sys->psz_tempfile, PACKAGE_NAME"-vlp.XXXXXX", NULL);
There's a slight difference with the original code. vlc_mkstemp() uses
O_RDWR while this code only uses O_WRONLY. It's worth mentioning it in
the commit log.
> if( fd == -1 )
> {
> - msg_Err( p_finder, "Failed to open addon temp storage file" );
> - FREENULL(p_finder->p_sys->psz_tempfile);
> + msg_Err( p_finder, "Can't create temp storage file" );
> vlc_stream_Delete( p_stream );
> return VLC_EGENERIC;
> }
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
>
More information about the vlc-devel
mailing list