[vlc-devel] [PATCH v2 13/13] vorepository: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
Lyndon Brown
jnqnfe at gmail.com
Tue Oct 6 21:00:44 CEST 2020
On Tue, 2020-10-06 at 09:20 +0200, Steve Lhomme wrote:
> On 2020-10-06 8:02, Lyndon Brown wrote:
> > From: Lyndon Brown <jnqnfe at gmail.com>
> > Date: Tue, 6 Oct 2020 02:55:30 +0100
> > Subject: vorepository: use vlc_MakeTmpFile (thus mkstemp) instead
> > of tempnam
> >
> > resolves warning about insecure function
> >
> > diff --git a/modules/misc/addons/vorepository.c
> > b/modules/misc/addons/vorepository.c
> > index 06f02ce239..72b751c775 100644
> > --- a/modules/misc/addons/vorepository.c
> > +++ b/modules/misc/addons/vorepository.c
> > @@ -400,20 +400,10 @@ static int Retrieve( addons_finder_t
> > *p_finder, addon_entry_t *p_entry )
> > FREENULL( p_finder->p_sys->psz_tempfile );
> > }
> >
> > - p_finder->p_sys->psz_tempfile = tempnam( NULL, "vlp" );
> > - if ( !p_finder->p_sys->psz_tempfile )
> > - {
> > - msg_Err( p_finder, "Can't create temp storage file" );
> > - vlc_stream_Delete( p_stream );
> > - return VLC_EGENERIC;
> > - }
> > -
> > - int fd = vlc_open( p_finder->p_sys->psz_tempfile,
> > - O_WRONLY | O_CREAT | O_EXCL, 0600 );
> > + int fd = vlc_MakeTmpFile(&p_finder->p_sys->psz_tempfile,
> > PACKAGE_NAME"-vlp.XXXXXX", NULL);
>
> There's a slight difference with the original code. vlc_mkstemp()
> uses
> O_RDWR while this code only uses O_WRONLY. It's worth mentioning it
> in
> the commit log.
Indeed. I didn't think it worth bothering to mention, but I'll do so.
> > if( fd == -1 )
> > {
> > - msg_Err( p_finder, "Failed to open addon temp storage
> > file" );
> > - FREENULL(p_finder->p_sys->psz_tempfile);
> > + msg_Err( p_finder, "Can't create temp storage file" );
> > vlc_stream_Delete( p_stream );
> > return VLC_EGENERIC;
> > }
More information about the vlc-devel
mailing list