[vlc-devel] [PATCH v3 10/14] record: replace use of insecure tempnam() function

[Lyndon Brown]

From: Lyndon Brown <jnqnfe at gmail.com>
Date: Tue, 6 Oct 2020 02:51:48 +0100
Subject: record: replace use of insecure tempnam() function


diff --git a/modules/stream_out/record.c b/modules/stream_out/record.c
index f7a24fba3d..53cc812069 100644
--- a/modules/stream_out/record.c
+++ b/modules/stream_out/record.c
@@ -467,9 +467,12 @@ static void OutputStart( sout_stream_t *p_stream )
             char *psz_file;
             int i_es;
 
-            psz_file = tempnam( NULL, "vlc" );
-            if( !psz_file )
+            int fd = vlc_MakeTmpFile(&psz_file, PACKAGE_NAME"-rec.");
+            if( fd == -1 )
+            {
+                msg_Warn( p_stream, "failed to create temporary file" );
                 continue;
+            }
 
             msg_Dbg( p_stream, "probing muxer %s", ppsz_muxers[i][0] );
             i_es = OutputNew( p_stream, ppsz_muxers[i][0], psz_file, NULL );
@@ -478,6 +481,7 @@ static void OutputStart( sout_stream_t *p_stream )
             {
                 vlc_unlink( psz_file );
                 free( psz_file );
+                vlc_close( fd );
                 continue;
             }
 
@@ -504,6 +508,7 @@ static void OutputStart( sout_stream_t *p_stream )
             }
             vlc_unlink( psz_file );
             free( psz_file );
+            vlc_close( fd );
         }
 
         /* */