d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace tempnam() with mkstemp()

Browse Source 
The use of tempnam() is racy and it should be avoided in favor of
mkstemp().  According to the Linux tempnam(3) man page.

  "Although tempnam() generates names that are difficult to guess,
  it is nevertheless possible that between the time that tempnam()
  returns a pathname, and the time that the program opens it, another
  program might create that pathname using open(2), or create it as
  a symbolic link.  This can lead to security holes.  To avoid such
  possibilities, use the open(2) O_EXCL flag to open the  pathname.
  Or better yet, use mkstemp(3) or tmpfile(3)."

This issue was flagged by gcc.

  ztest.o: In function `setup_data_fd': cmd/ztest/ztest.c:5822:
  warning: the use of `tempnam' is dangerous, better use `mkstemp'

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
This commit is contained in:
Brian Behlendorf 2012-10-04 11:36:52 -07:00
parent 483106eb71
commit facbbe4366
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/ztest/ztest.c
View File

@ -5819,11 +5819,11 @@ ztest_init(ztest_shared_t *zs)
static void
setup_data_fd(void)
{
char *tmp = tempnam(NULL, NULL);
ztest_fd_data = open(tmp, O_RDWR | O_CREAT, 0700);
static char ztest_name_data[] = "/tmp/ztest.data.XXXXXX";
ztest_fd_data = mkstemp(ztest_name_data);
ASSERT3S(ztest_fd_data, >=, 0);
(void) unlink(tmp);
free(tmp);
(void) unlink(ztest_name_data);
}
static int