[vlc-devel] [PATCH v3 11/14] vorepository: replace use of insecure tempnam() function

Lyndon Brown jnqnfe at gmail.com
Wed Oct 14 04:55:58 CEST 2020


From: Lyndon Brown <jnqnfe at gmail.com>
Date: Tue, 6 Oct 2020 02:55:30 +0100
Subject: vorepository: replace use of insecure tempnam() function

note, the code previously opened the file in O_WRONLY mode here, which has
changed to O_RDWR due to the underlying vlc_mkstemp() call used by
vlc_MakeTmpFile().

Also note that the FD is now closed only after the manifest has been read,
so that for implementations of mkstemp that use exclusive access, that
access is maintained during the manifest read (I presume it will not block
the second stream creation from the same process).

diff --git a/modules/misc/addons/vorepository.c b/modules/misc/addons/vorepository.c
index 06f02ce239..1f87268c4b 100644
--- a/modules/misc/addons/vorepository.c
+++ b/modules/misc/addons/vorepository.c
@@ -400,20 +400,10 @@ static int Retrieve( addons_finder_t *p_finder, addon_entry_t *p_entry )
         FREENULL( p_finder->p_sys->psz_tempfile );
     }
 
-    p_finder->p_sys->psz_tempfile = tempnam( NULL, "vlp" );
-    if ( !p_finder->p_sys->psz_tempfile )
-    {
-        msg_Err( p_finder, "Can't create temp storage file" );
-        vlc_stream_Delete( p_stream );
-        return VLC_EGENERIC;
-    }
-
-    int fd = vlc_open( p_finder->p_sys->psz_tempfile,
-                       O_WRONLY | O_CREAT | O_EXCL, 0600 );
+    int fd = vlc_MakeTmpFile(&p_finder->p_sys->psz_tempfile, PACKAGE_NAME"-vlp.");
     if( fd == -1 )
     {
-        msg_Err( p_finder, "Failed to open addon temp storage file" );
-        FREENULL(p_finder->p_sys->psz_tempfile);
+        msg_Err( p_finder, "Can't create temp storage file" );
         vlc_stream_Delete( p_stream );
         return VLC_EGENERIC;
     }
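Review bot: The failure branch at `if( fd == -1 )` no longer resets `p_finder->p_sys->psz_tempfile`, so it now relies on vlc_MakeTmpFile() leaving the out-pointer NULL when it fails. That helper is not visible in this patch, so either confirm its contract or keep an explicit `p_finder->p_sys->psz_tempfile = NULL;` in the branch. The removed vlc_open() call requested mode 0600 explicitly, whereas the new call depends on vlc_mkstemp() creating the file owner-only. Once verified, that is worth recording in a comment such as `/* vlc_MakeTmpFile() creates the file with owner-only permissions */`. Retrieve() starts and ends outside this hunk.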
@@ -431,8 +421,6 @@ static int Retrieve( addons_finder_t *p_finder, addon_entry_t *p_entry )
             break;
         }
     }
-
-    vlc_close( fd );
     vlc_stream_Delete( p_stream );
 
     if (i_ret)
@@ -466,6 +454,10 @@ static int Retrieve( addons_finder_t *p_finder, addon_entry_t *p_entry )
     free( psz_tempfileuri );
     vlc_stream_Delete( p_stream );
 
+    /* Kept open until now to maintain exclusive access through manifest read
+       where exclusive access is implemented in temp file creation. */
+    vlc_close( fd );
+
     return i_ret;
 }
 
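Review bot: The only `vlc_close( fd )` now sits just before the final `return i_ret;`, so any earlier return between the removed close and this point would leak the descriptor. The `if (i_ret)` check at the end of the previous hunk, and whatever error handling surrounds the manifest stream creation, are candidates, but their bodies are outside the visible hunks, so this needs checking against the full function. If any of them return early, add `vlc_close( fd );` before each such `return`, or route them through a single cleanup label that closes the fd. Descriptors leaked in a long-running process accumulate on every failed addon retrieval.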


