summaryrefslogtreecommitdiff
path: root/core
authorerik <erik>2007-01-26 21:43:58 (UTC)
committer erik <erik>2007-01-26 21:43:58 (UTC)
commit3cd37427b5c5f26f62cff583fbde914467ddafe3 (patch) (side-by-side diff)
tree664a2c1cf2198b69f94e9aa683133a3d92c98511 /core
parentf77da1ae08512b02a3c50a124f823ed77e53dd64 (diff)
downloadopie-3cd37427b5c5f26f62cff583fbde914467ddafe3.zip
opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.gz
opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.bz2
Both files in this commit exhibit the wrong way to use temporary files.
For TEHistory.cpp, it uses tmpfile() which produces a file which has a name that can be guessed. For vmemo.cpp, it uses tmpname() which only creates a predictable string. Both uses have been switched to using mkstemp() wrapped around umask(). This produces a much less predictable file that also has guaranteed restrictive permissions. I went a little farther in vmemo because it calls out to the shell using system to 'mv' the new file. That is kinda wasteful so I switched it to use rename instead.
Diffstat (limited to 'core') (more/less context) (ignore whitespace changes)
-rw-r--r--core/applets/vmemo/vmemo.cpp73
1 files changed, 48 insertions, 25 deletions
diff --git a/core/applets/vmemo/vmemo.cpp b/core/applets/vmemo/vmemo.cpp
index 8ba1eb7..1a8f154 100644
--- a/core/applets/vmemo/vmemo.cpp
+++ b/core/applets/vmemo/vmemo.cpp
@@ -330,10 +330,30 @@ bool VMemo::startRecording() {
}
-// open tmp file here
- char *pointer;
- pointer=tmpnam(NULL);
- odebug << "Opening tmp file " << pointer << "" << oendl;
+ // open tmp file here
+ char *tmpFilePath = 0;
+ char *tmpDir = getenv("TMPDIR");
+ if (tmpDir && *tmpDir != '\0') {
+ tmpFilePath = new char[strlen(tmpDir) + strlen("/vmemo-wav-XXXXXX") + 1];
+ strcpy(tmpFilePath, tmpDir);
+ free(tmpDir);
+ } else {
+ tmpFilePath = new char[strlen("/tmp/vmemo-wav-XXXXXX") + 1];
+ strcpy(tmpFilePath, "/tmp");
+ }
+ strcat(tmpFilePath, "/vmemo-wav-XXXXXX");
+ mode_t currUmask = umask(S_IRWXO | S_IRWXG);
+ int tmpFd = mkstemp(tmpFilePath);
+ umask(currUmask);
+ if (tmpFd == -1) {
+ owarn << "Could not open temp file with template " << tmpFilePath
+ << oendl;
+ delete [] tmpFilePath;
+ return false;
+ } else
+ odebug << "Opened temp file " << tmpFilePath << "" << oendl;
+
+ close(tmpFd);
- if(openWAV(pointer ) == -1) {
+ if(openWAV(tmpFilePath ) == -1) {
QString err("Could not open the temp file\n");
@@ -345,25 +365,28 @@ bool VMemo::startRecording() {
if( record() ) {
- QString cmd;
- if( fileName.find(".wav",0,true) == -1)
- fileName += ".wav";
+ if( fileName.find(".wav",0,true) == -1)
+ fileName += ".wav";
- cmd.sprintf("mv %s "+fileName, pointer);
-// move tmp file to regular file here
-
- system(cmd.latin1());
-
- QArray<int> cats(1);
- cats[0] = config.readNumEntry("Category", 0);
-
- QString dlName("vm_");
- dlName += date;
- DocLnk l;
- l.setFile(fileName);
- l.setName(dlName);
- l.setType("audio/x-wav");
- l.setCategories(cats);
- l.writeLink();
- return true;
+ int retVal = rename(tmpFilePath, fileName.local8Bit());
+ if (retVal == -1) {
+ owarn << "Could not move " << tmpFilePath << " to " << fileName
+ << oendl;
+ delete [] tmpFilePath;
+ return false;
+ }
+ delete [] tmpFilePath;
+
+ QArray<int> cats(1);
+ cats[0] = config.readNumEntry("Category", 0);
+
+ QString dlName("vm_");
+ dlName += date;
+ DocLnk l;
+ l.setFile(fileName);
+ l.setName(dlName);
+ l.setType("audio/x-wav");
+ l.setCategories(cats);
+ l.writeLink();
+ return true;
} else
return false;