On 06/19/2013 01:29 PM, Andreas Färber wrote:
>> +int init_cache_data(struct cache_data *cd, const char *filename)
>> +{
>> + int fd;
>> + char *tmpname;
>> +
>> + /* init the tmp file */
>> + tmpname = getenv("TMPDIR");
>> + if (!tmpname) {
>> + tmpname = (char *)P_tmpdir;
>
> P_tmpdir is marked obsolescent in Open Group spec 7. Maybe Erik can
s/Erik/Eric/ (but don't worry, you're not the first to make that typo)
Hmm, you are correct that tempnam() is marked as an obsolescent
interface (because it has the same security flaws as mktemp(); the
standard introduced mkstemp() to overcome the security hole but did not
add a replacement for tempnam()). I guess since nothing else in the
standard refers to P_tmpdir, it was also marked obsolecent. And since
C99 doesn't require either the constant or the (inherently broken)
tempnam(), it may be safer to guard this line by #ifdef P_tmpdir, rather
than assuming that <stdio.h> blindly provides it.
> comment some more? Did you verify it builds with mingw32/64?
> (I stumbled over it because I found the variable name odd and didn't see
> it defined anywhere.)
>
>> + }
>> +
>> + cd->file_name = (char *)g_strdup_printf("%s/%s", tmpname, filename);
>> +
>> + fd = mkstemp(cd->file_name);
At least your use of P_tmpdir was to generate a saner template, instead
of trying to use the inherently-broken tempnam().
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
