Re: [PATCH] initctl: do not use tmpnam

On Wed, Jan 05, 2011 at 04:41:02PM -0300, Davidlohr Bueso wrote:
> > > +	sprintf(tmp, "%s-XXXXXX", command->name);
> > > +	if (-1 == (fd = mkstemp(tmp))) {		
> > >  	    fprintf (stderr, "Unable to create a unique filename\t%s\n",
> > >  		     ERRSTRING);
> > >  	    exit (1);
> > >  	}
> > > +	/* we don't use this file really */
> > > +	close(fd);
> > > +	unlink(tmp);
> > > +	free(tmp);
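
Review bot: The sprintf() into tmp on the first line of the hunk has no length bound, and the size of tmp is not visible here; use snprintf() with the allocated size and treat truncation as an error. Nothing in the hunk writes command->name, yet it is read to build the template, and after close(fd), unlink(tmp) and free(tmp) neither the descriptor nor the path survives, so the fifo code that follows gets nothing from mkstemp(). Either keep and use what mkstemp() created, or create the fifo inside a directory made with mkdtemp().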

 BTW, tmpnam() is dangerous, because (man tmpnam):

possible that between the time that tmpnam() returns a pathname,
and the time that the program opens it, another program might create
that pathname using open(2), or create it as a symbolic link.

 Your code with mkstemp() + close() + unlink() makes exactly the same
 mistake. The mkstemp() function is secure because it returns a file
 descriptor; the filename should not be used after close().

> >  Sorry, but I don't understand this change at all. The temporary file
> >  in the original code was used for the fifo. It seems that in your code
> >  the command->name is uninitialized and your tmp file is unused. Right?
> > 
> The way I see it, the original code doesn't use the string created by

 It uses the string; tmpnam() copies the path to command->name.

> tmpnam (from the manpage I assume that it doesn't create the file,
> unlike mkstemp, but only returns the file's name):
> 
>          if (tmpnam (command->name) == NULL)
>          {
>              fprintf (stderr, "Unable to create a unique filename\t%s\n",
>                       ERRSTRING);
>              exit (1);
>          }

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
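
The race discussed in this message goes away when the fifo is created inside a directory that only the caller can write to. The following is an added example, not code from this thread or from util-linux; the helper names, the "initctl-XXXXXX" template and the use of TMPDIR are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), mkfifo(), lstat() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: create a FIFO inside a fresh private directory.
 * dir and fifo receive the created paths; returns 0 on success, -1 on error. */
int make_private_fifo(char *dir, size_t dirlen, char *fifo, size_t fifolen)
{
    const char *base = getenv("TMPDIR");
    struct stat st;

    if (base == NULL || *base == '\0')
        base = "/tmp";
    /* A negative snprintf() result becomes a huge size_t and is rejected too. */
    if ((size_t)snprintf(dir, dirlen, "%s/initctl-XXXXXX", base) >= dirlen)
        return -1;
    if (mkdtemp(dir) == NULL)          /* created atomically with mode 0700 */
        return -1;
    if ((size_t)snprintf(fifo, fifolen, "%s/fifo", dir) >= fifolen ||
        mkfifo(fifo, 0600) != 0) {     /* fails with EEXIST if the name exists */
        rmdir(dir);
        return -1;
    }
    /* Check what is really there: a FIFO owned by us, not a symlink. */
    if (lstat(fifo, &st) != 0 || !S_ISFIFO(st.st_mode) ||
        st.st_uid != geteuid()) {
        unlink(fifo);
        rmdir(dir);
        return -1;
    }
    return 0;
}

/* Remove the FIFO and its directory; returns 0 when both were removed. */
int remove_private_fifo(const char *dir, const char *fifo)
{
    int rc = unlink(fifo);
    return rmdir(dir) != 0 ? -1 : rc;
}

int main(void)
{
    char dir[4096], fifo[4096 + 8];
    if (make_private_fifo(dir, sizeof dir, fifo, sizeof fifo) != 0)
        return 1;
    printf("fifo at %s\n", fifo);
    return remove_private_fifo(dir, fifo) == 0 ? 0 : 1;
}
```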