Both files in this commit exhibit the wrong way to use temporary files.

For TEHistory.cpp, it uses tmpfile() which produces a file which has a
name that can be guessed.

For vmemo.cpp, it uses tmpname() which only creates a predictable string.

Both uses have been switched to using mkstemp() wrapped around umask(). This
produces a much less predictable file that also has guaranteed restrictive
permissions.

I went a little farther in vmemo because it calls out to the shell using
system to 'mv' the new file. That is kinda wasteful so I switched it to use
rename instead.

1 files changed, 48 insertions, 25 deletions

diff --git a/core/applets/vmemo/vmemo.cpp b/core/applets/vmemo/vmemo.cpp
index 8ba1eb7..1a8f154 100644
--- a/core/applets/vmemo/vmemo.cpp
+++ b/core/applets/vmemo/vmemo.cpp
@@ -329,12 +329,32 @@ bool VMemo::startRecording() {
     msgLabel->show();
   }
         
-// open tmp file here
-  char *pointer;
-  pointer=tmpnam(NULL);
-  odebug << "Opening tmp file " << pointer << "" << oendl;
+  // open tmp file here
+  char *tmpFilePath = 0;
+  char *tmpDir = getenv("TMPDIR");
+  if (tmpDir && *tmpDir != '\0') {
+    tmpFilePath = new char[strlen(tmpDir) + strlen("/vmemo-wav-XXXXXX") + 1];
+    strcpy(tmpFilePath, tmpDir);
+    free(tmpDir);
+  } else {
+    tmpFilePath = new char[strlen("/tmp/vmemo-wav-XXXXXX") + 1];
+    strcpy(tmpFilePath, "/tmp");
+  }
+  strcat(tmpFilePath, "/vmemo-wav-XXXXXX");
+  mode_t currUmask = umask(S_IRWXO | S_IRWXG);
+  int tmpFd = mkstemp(tmpFilePath);
+  umask(currUmask);
+  if (tmpFd == -1) {
+    owarn << "Could not open temp file with template " << tmpFilePath
+          << oendl;
+    delete [] tmpFilePath;
+    return false;
+  } else
+    odebug << "Opened temp file " << tmpFilePath << "" << oendl;
+
+  close(tmpFd);
 
-  if(openWAV(pointer ) == -1)  {
+  if(openWAV(tmpFilePath ) == -1)  {
 
     QString err("Could not open the temp file\n");
     err += fileName;
@@ -344,27 +364,30 @@ bool VMemo::startRecording() {
   }
   if( record() ) {
 
-  QString cmd;
-  if( fileName.find(".wav",0,true) == -1)
-      fileName += ".wav";
+    if( fileName.find(".wav",0,true) == -1)
+        fileName += ".wav";
 
-  cmd.sprintf("mv %s "+fileName, pointer);
-// move tmp file to regular file here
-
-  system(cmd.latin1());
-
-  QArray<int> cats(1);
-  cats[0] = config.readNumEntry("Category", 0);
-
-  QString dlName("vm_");
-  dlName += date;
-  DocLnk l;
-  l.setFile(fileName);
-  l.setName(dlName);
-  l.setType("audio/x-wav");
-  l.setCategories(cats);
-  l.writeLink();
-  return true;
+    int retVal = rename(tmpFilePath, fileName.local8Bit());
+    if (retVal == -1) {
+        owarn << "Could not move " << tmpFilePath << " to " << fileName
+              << oendl;
+        delete [] tmpFilePath;
+        return false;
+    }
+    delete [] tmpFilePath;
+
+    QArray<int> cats(1);
+    cats[0] = config.readNumEntry("Category", 0);
+
+    QString dlName("vm_");
+    dlName += date;
+    DocLnk l;
+    l.setFile(fileName);
+    l.setName(dlName);
+    l.setType("audio/x-wav");
+    l.setCategories(cats);
+    l.writeLink();
+    return true;
   } else
       return false;