[vlc-devel] [PATCH v2 12/13] record: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
Rémi Denis-Courmont
remi at remlab.net
Tue Oct 6 16:58:06 CEST 2020
On Tuesday, 6 October 2020, 9.01.44 EEST Lyndon Brown wrote:
> From: Lyndon Brown <jnqnfe at gmail.com>
> Date: Tue, 6 Oct 2020 02:51:48 +0100
> Subject: record: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
>
> resolves warning about insecure function
>
> diff --git a/modules/stream_out/record.c b/modules/stream_out/record.c
> index ce2ce958e7..e0cf0e4345 100644
> --- a/modules/stream_out/record.c
> +++ b/modules/stream_out/record.c
> @@ -463,14 +463,16 @@ static void OutputStart( sout_stream_t *p_stream )
> for( unsigned i = 0; i < sizeof(ppsz_muxers) /
> sizeof(*ppsz_muxers); i++ ) {
> char *psz_file;
> - int i_es;
> -
> - psz_file = tempnam( NULL, "vlc" );
> - if( !psz_file )
> + int fd = vlc_MakeTmpFile(&psz_file, PACKAGE_NAME"-rec.XXXXXX",
> NULL); + if( fd == -1 )
> + {
> + msg_Warn( p_stream, "failed to create temporary file" );
> continue;
> + }
>
> msg_Dbg( p_stream, "probing muxer %s", ppsz_muxers[i][0] );
> - i_es = OutputNew( p_stream, ppsz_muxers[i][0], psz_file, NULL
> ); + int i_es = OutputNew( p_stream, ppsz_muxers[i][0],
> psz_file, NULL );
> + vlc_close( fd );
All of that rework and in the end, the real ToCToU bug is still not fixed.
>
> if( i_es < 0 )
> {
>
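Review bot: at the OutputNew() call, the descriptor returned by vlc_MakeTmpFile() is never what the output works on: OutputNew() is still passed the name psz_file, and vlc_close( fd ) follows immediately, so the file is reached again by path after it was created and the window between creation and that by-name use remains (the ToCToU noted in the reply above). Suggest carrying the already-open fd through to the output instead of the path, or, if a path is unavoidable, stating in a comment why re-resolving the name is acceptable here. The visible lines also do not show psz_file being freed or the temporary file being removed after the probe; worth confirming in the part of the loop below this hunk.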
--
レミ・デニ-クールモン
http://www.remlab.net/