Re: [AD] Maybe bug in pack_fopen_chunk

[Jon Rafkind <workmin@xxxxxxxxxx>]

On linux tmpnam produces something prefixed with "/tmp" such as
"/tmp/file2342".

Peter Hull wrote:
> In pack_fopen_chunk, file.c, line 2007 there is a bit of code involving tmpnam:
> ====
>         /* note: since the filename creation and the opening are not
>           * an atomic operation, this is not secure
>           */
>          tmpnam_string = tmpnam(NULL);
>          tmp_name = _AL_MALLOC_ATOMIC(strlen(tmp_dir) +
> strlen(tmpnam_string) + 2);
>          sprintf(tmp_name, "%s/%s", tmp_dir, tmpnam_string);
>
>          if (tmp_name) {
> #ifndef ALLEGRO_MPW
>             tmp_fd = open(tmp_name, O_RDWR | O_BINARY | O_CREAT |
> O_EXCL, OPEN_PERMS);
> #else
>             tmp_fd = _al_open(tmp_name, O_RDWR | O_BINARY | O_CREAT | O_EXCL);
> #endif
>          }
> ====
> tmp_dir has already been set up (to /tmp or whatever)
> On OSX (and as far as I can tell from the manpages, on Linux too),
> tmpnam() already supplies the path to the temporary file, (I get
> something like '/var/tmp/tmp.0.nvWJmI') so the final value of tmp_name
> is something like '/tmp//var/tmp/tmp.0.nvWJmI'. This is a non-existent
> path and open() fails.
>
> Please can someone confirm that on Linux, tmpnam provides a path?
>
> Looking at the wider context, those lines are only used if
> HAVE_MKSTEMP is not defined (mkstemp() is a much better way to do it,
> and most systems I think have mkstemp) so there is a second bug -
> namely OSX should define HAVE_MKSTEMP. I'll look into that one.
>
> Pete
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>