| author | erik <erik> | 2007-01-26 21:43:58 (UTC) |
|---|---|---|
| committer | erik <erik> | 2007-01-26 21:43:58 (UTC) |
| commit | 3cd37427b5c5f26f62cff583fbde914467ddafe3 (patch) (side-by-side diff) | |
| tree | 664a2c1cf2198b69f94e9aa683133a3d92c98511 /core | |
| parent | f77da1ae08512b02a3c50a124f823ed77e53dd64 (diff) | |
| download | opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.zip opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.gz opie-3cd37427b5c5f26f62cff583fbde914467ddafe3.tar.bz2 | |
Both files in this commit exhibit the wrong way to use temporary files.
For TEHistory.cpp, it uses tmpfile() which produces a file which has a
name that can be guessed.
For vmemo.cpp, it uses tmpname() which only creates a predictable string.
Both uses have been switched to using mkstemp() wrapped around umask(). This
produces a much less predictable file that also has guaranteed restrictive
permissions.
I went a little farther in vmemo because it calls out to the shell using
system to 'mv' the new file. That is kinda wasteful so I switched it to use
rename instead.
| -rw-r--r-- | core/applets/vmemo/vmemo.cpp | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/core/applets/vmemo/vmemo.cpp b/core/applets/vmemo/vmemo.cpp index 8ba1eb7..1a8f154 100644 --- a/core/applets/vmemo/vmemo.cpp +++ b/core/applets/vmemo/vmemo.cpp @@ -330,11 +330,31 @@ bool VMemo::startRecording() { } // open tmp file here - char *pointer; - pointer=tmpnam(NULL); - odebug << "Opening tmp file " << pointer << "" << oendl; + char *tmpFilePath = 0; + char *tmpDir = getenv("TMPDIR"); + if (tmpDir && *tmpDir != '\0') { + tmpFilePath = new char[strlen(tmpDir) + strlen("/vmemo-wav-XXXXXX") + 1]; + strcpy(tmpFilePath, tmpDir); + free(tmpDir); + } else { + tmpFilePath = new char[strlen("/tmp/vmemo-wav-XXXXXX") + 1]; + strcpy(tmpFilePath, "/tmp"); + } + strcat(tmpFilePath, "/vmemo-wav-XXXXXX"); + mode_t currUmask = umask(S_IRWXO | S_IRWXG); + int tmpFd = mkstemp(tmpFilePath); + umask(currUmask); + if (tmpFd == -1) { + owarn << "Could not open temp file with template " << tmpFilePath + << oendl; + delete [] tmpFilePath; + return false; + } else + odebug << "Opened temp file " << tmpFilePath << "" << oendl; + + close(tmpFd); - if(openWAV(pointer ) == -1) { + if(openWAV(tmpFilePath ) == -1) { QString err("Could not open the temp file\n"); err += fileName; @@ -344,14 +364,17 @@ bool VMemo::startRecording() { } if( record() ) { - QString cmd; if( fileName.find(".wav",0,true) == -1) fileName += ".wav"; - cmd.sprintf("mv %s "+fileName, pointer); -// move tmp file to regular file here - - system(cmd.latin1()); + int retVal = rename(tmpFilePath, fileName.local8Bit()); + if (retVal == -1) { + owarn << "Could not move " << tmpFilePath << " to " << fileName + << oendl; + delete [] tmpFilePath; + return false; + } + delete [] tmpFilePath; QArray<int> cats(1); cats[0] = config.readNumEntry("Category", 0); |