Both files in this commit exhibit the wrong way to use temporary files.

For TEHistory.cpp, it uses tmpfile() which produces a file which has a name that can be guessed. For vmemo.cpp, it uses tmpname() which only creates a predictable string. Both uses have been switched to using mkstemp() wrapped around umask(). This produces a much less predictable file that also has guaranteed restrictive permissions. I went a little farther in vmemo because it calls out to the shell using system to 'mv' the new file. That is kinda wasteful so I switched it to use rename instead.
author: erik <erik> 2007-01-26 21:43:58 (UTC)
committer: erik <erik> 2007-01-26 21:43:58 (UTC)
commit: 3cd37427b5c5f26f62cff583fbde914467ddafe3 (patch) (unidiff)
tree: 664a2c1cf2198b69f94e9aa683133a3d92c98511
parent: f77da1ae08512b02a3c50a124f823ed77e53dd64 (diff)
download: opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.zip
opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.gz
opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.bz2
2 files changed, 72 insertions, 28 deletions
diff --git a/core/applets/vmemo/vmemo.cpp b/core/applets/vmemo/vmemo.cpp
index 8ba1eb7..1a8f154 100644
--- a/core/applets/vmemo/vmemo.cpp
+++ b/core/applets/vmemo/vmemo.cpp
@@ -329,12 +329,32 @@ bool VMemo::startRecording() {
    msgLabel->show();
  }
        
-// open tmp file here
+  // open tmp file here
-  char *pointer;
+  char *tmpFilePath = 0;
-  pointer=tmpnam(NULL);
+  char *tmpDir = getenv("TMPDIR");
-  odebug << "Opening tmp file " << pointer << "" << oendl;
+  if (tmpDir && *tmpDir != '\0') {
+    tmpFilePath = new char[strlen(tmpDir) + strlen("/vmemo-wav-XXXXXX") + 1];
+    strcpy(tmpFilePath, tmpDir);
+    free(tmpDir);
+  } else {
+    tmpFilePath = new char[strlen("/tmp/vmemo-wav-XXXXXX") + 1];
+    strcpy(tmpFilePath, "/tmp");
+  }
+  strcat(tmpFilePath, "/vmemo-wav-XXXXXX");
+  mode_t currUmask = umask(S_IRWXO | S_IRWXG);
+  int tmpFd = mkstemp(tmpFilePath);
+  umask(currUmask);
+  if (tmpFd == -1) {
+    owarn << "Could not open temp file with template " << tmpFilePath
+          << oendl;
+    delete [] tmpFilePath;
+    return false;
+  } else
+    odebug << "Opened temp file " << tmpFilePath << "" << oendl;
+  close(tmpFd);
-  if(openWAV(pointer ) == -1)  {
+  if(openWAV(tmpFilePath ) == -1)  {
    QString err("Could not open the temp file\n");
    err += fileName;
@@ -344,27 +364,30 @@ bool VMemo::startRecording() {
  }
  if( record() ) {
-  QString cmd;
+    if( fileName.find(".wav",0,true) == -1)
-  if( fileName.find(".wav",0,true) == -1)
+        fileName += ".wav";
-      fileName += ".wav";
-  cmd.sprintf("mv %s "+fileName, pointer);
+    int retVal = rename(tmpFilePath, fileName.local8Bit());
-// move tmp file to regular file here
+    if (retVal == -1) {
+        owarn << "Could not move " << tmpFilePath << " to " << fileName
-  system(cmd.latin1());
+              << oendl;
+        delete [] tmpFilePath;
-  QArray<int> cats(1);
+        return false;
-  cats[0] = config.readNumEntry("Category", 0);
+    }
+    delete [] tmpFilePath;
-  QString dlName("vm_");
-  dlName += date;
+    QArray<int> cats(1);
-  DocLnk l;
+    cats[0] = config.readNumEntry("Category", 0);
-  l.setFile(fileName);
-  l.setName(dlName);
+    QString dlName("vm_");
-  l.setType("audio/x-wav");
+    dlName += date;
-  l.setCategories(cats);
+    DocLnk l;
-  l.writeLink();
+    l.setFile(fileName);
-  return true;
+    l.setName(dlName);
+    l.setType("audio/x-wav");
+    l.setCategories(cats);
+    l.writeLink();
+    return true;
  } else
      return false;
diff --git a/noncore/apps/opie-console/TEHistory.cpp b/noncore/apps/opie-console/TEHistory.cpp
index 317ce57..e2be42a 100644
--- a/noncore/apps/opie-console/TEHistory.cpp
+++ b/noncore/apps/opie-console/TEHistory.cpp
@@ -21,6 +21,7 @@
 #include <assert.h>
 #include <stdio.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <unistd.h>
 #include <errno.h>
@@ -96,9 +97,29 @@ void HistoryBuffer::setScroll(bool on)
  {
    assert( ion < 0 );
    assert( length == 0);
-    FILE* tmp = tmpfile(); if (!tmp) { perror("konsole: cannot open temp file.\n"); return; }
+    char* tmpDir = getenv("TMPDIR");
-    ion = dup(fileno(tmp)); if (ion<0) perror("konsole: cannot dup temp file.\n");
+    char* tmpFilePath = 0;
-    fclose(tmp);
+    if (tmpDir && *tmpDir != '\0') {
+        tmpFilePath = new char[strlen(tmpDir) + strlen("/opie-console-HistoryBuffer-XXXXXX") + 1];
+        strcpy(tmpFilePath, tmpDir);
+        free(tmpDir);
+    } else {
+        tmpFilePath = new char[strlen("/tmp/opie-console-HistoryBuffer-XXXXXX") + 1];
+        strcpy(tmpFilePath, "/tmp");
+    }
+    strcat(tmpFilePath, "/opie-console-HistoryBuffer-XXXXXX");
+    mode_t currUmask = umask(S_IRWXO | S_IRWXG);
+    int tmpfd = mkstemp(tmpFilePath);
+    delete [] tmpFilePath;
+    umask(currUmask);
+    if (tmpfd == -1) {
+        perror("konsole: cannot open temp file.\n");
+        return;
+    }
+    ion = dup(tmpfd);
+    if (ion<0)
+        perror("konsole: cannot dup temp file.\n");
+    close(tmpfd);
  }
  else
  {
author	erik <erik>	2007-01-26 21:43:58 (UTC)
committer	erik <erik>	2007-01-26 21:43:58 (UTC)
commit	3cd37427b5c5f26f62cff583fbde914467ddafe3 (patch) (unidiff)
tree	664a2c1cf2198b69f94e9aa683133a3d92c98511
parent	f77da1ae08512b02a3c50a124f823ed77e53dd64 (diff)
download	opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.zip opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.gz opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.bz2

diff --git a/core/applets/vmemo/vmemo.cpp b/core/applets/vmemo/vmemo.cpp index 8ba1eb7..1a8f154 100644 --- a/core/applets/vmemo/vmemo.cpp +++ b/core/applets/vmemo/vmemo.cpp
@@ -329,12 +329,32 @@ bool VMemo::startRecording() {
329	msgLabel->show();	329	msgLabel->show();
330	}	330	}
331		331
332	// open tmp file here	332	// open tmp file here
333	char *pointer;	333	char *tmpFilePath = 0;
334	pointer=tmpnam(NULL);	334	char *tmpDir = getenv("TMPDIR");
335	odebug << "Opening tmp file " << pointer << "" << oendl;	335	if (tmpDir && *tmpDir != '\0') {
		336	tmpFilePath = new char[strlen(tmpDir) + strlen("/vmemo-wav-XXXXXX") + 1];
		337	strcpy(tmpFilePath, tmpDir);
		338	free(tmpDir);
		339	} else {
		340	tmpFilePath = new char[strlen("/tmp/vmemo-wav-XXXXXX") + 1];
		341	strcpy(tmpFilePath, "/tmp");
		342	}
		343	strcat(tmpFilePath, "/vmemo-wav-XXXXXX");
		344	mode_t currUmask = umask(S_IRWXO \| S_IRWXG);
		345	int tmpFd = mkstemp(tmpFilePath);
		346	umask(currUmask);
		347	if (tmpFd == -1) {
		348	owarn << "Could not open temp file with template " << tmpFilePath
		349	<< oendl;
		350	delete [] tmpFilePath;
		351	return false;
		352	} else
		353	odebug << "Opened temp file " << tmpFilePath << "" << oendl;
		354
		355	close(tmpFd);
336		356
337	if(openWAV(pointer ) == -1) {	357	if(openWAV(tmpFilePath ) == -1) {
338		358
339	QString err("Could not open the temp file\n");	359	QString err("Could not open the temp file\n");
340	err += fileName;	360	err += fileName;
@@ -344,27 +364,30 @@ bool VMemo::startRecording() {
344	}	364	}
345	if( record() ) {	365	if( record() ) {
346		366
347	QString cmd;	367	if( fileName.find(".wav",0,true) == -1)
348	if( fileName.find(".wav",0,true) == -1)	368	fileName += ".wav";
349	fileName += ".wav";
350		369
351	cmd.sprintf("mv %s "+fileName, pointer);	370	int retVal = rename(tmpFilePath, fileName.local8Bit());
352	// move tmp file to regular file here	371	if (retVal == -1) {
353		372	owarn << "Could not move " << tmpFilePath << " to " << fileName
354	system(cmd.latin1());	373	<< oendl;
355		374	delete [] tmpFilePath;
356	QArray<int> cats(1);	375	return false;
357	cats[0] = config.readNumEntry("Category", 0);	376	}
358		377	delete [] tmpFilePath;
359	QString dlName("vm_");	378
360	dlName += date;	379	QArray<int> cats(1);
361	DocLnk l;	380	cats[0] = config.readNumEntry("Category", 0);
362	l.setFile(fileName);	381
363	l.setName(dlName);	382	QString dlName("vm_");
364	l.setType("audio/x-wav");	383	dlName += date;
365	l.setCategories(cats);	384	DocLnk l;
366	l.writeLink();	385	l.setFile(fileName);
367	return true;	386	l.setName(dlName);
		387	l.setType("audio/x-wav");
		388	l.setCategories(cats);
		389	l.writeLink();
		390	return true;
368	} else	391	} else
369	return false;	392	return false;
370		393


diff --git a/noncore/apps/opie-console/TEHistory.cpp b/noncore/apps/opie-console/TEHistory.cpp index 317ce57..e2be42a 100644 --- a/noncore/apps/opie-console/TEHistory.cpp +++ b/noncore/apps/opie-console/TEHistory.cpp
@@ -21,6 +21,7 @@
21	#include <assert.h>	21	#include <assert.h>
22	#include <stdio.h>	22	#include <stdio.h>
23	#include <sys/types.h>	23	#include <sys/types.h>
		24	#include <sys/stat.h>
24	#include <unistd.h>	25	#include <unistd.h>
25	#include <errno.h>	26	#include <errno.h>
26		27
@@ -96,9 +97,29 @@ void HistoryBuffer::setScroll(bool on)
96	{	97	{
97	assert( ion < 0 );	98	assert( ion < 0 );
98	assert( length == 0);	99	assert( length == 0);
99	FILE* tmp = tmpfile(); if (!tmp) { perror("konsole: cannot open temp file.\n"); return; }	100	char* tmpDir = getenv("TMPDIR");
100	ion = dup(fileno(tmp)); if (ion<0) perror("konsole: cannot dup temp file.\n");	101	char* tmpFilePath = 0;
101	fclose(tmp);	102	if (tmpDir && *tmpDir != '\0') {
		103	tmpFilePath = new char[strlen(tmpDir) + strlen("/opie-console-HistoryBuffer-XXXXXX") + 1];
		104	strcpy(tmpFilePath, tmpDir);
		105	free(tmpDir);
		106	} else {
		107	tmpFilePath = new char[strlen("/tmp/opie-console-HistoryBuffer-XXXXXX") + 1];
		108	strcpy(tmpFilePath, "/tmp");
		109	}
		110	strcat(tmpFilePath, "/opie-console-HistoryBuffer-XXXXXX");
		111	mode_t currUmask = umask(S_IRWXO \| S_IRWXG);
		112	int tmpfd = mkstemp(tmpFilePath);
		113	delete [] tmpFilePath;
		114	umask(currUmask);
		115	if (tmpfd == -1) {
		116	perror("konsole: cannot open temp file.\n");
		117	return;
		118	}
		119	ion = dup(tmpfd);
		120	if (ion<0)
		121	perror("konsole: cannot dup temp file.\n");
		122	close(tmpfd);
102	}	123	}
103	else	124	else
104	{	125	{