Compiler warning: use of mktemp is dangerous. Fixes #956#957
Compiler warning: use of mktemp is dangerous. Fixes #956#957pmqs wants to merge 7 commits intozlib-ng:developfrom
mktemp is dangerous. Fixes #956#957Conversation
mz_os_posix.c
Outdated
| return MZ_INTERNAL_ERROR; | ||
|
|
||
| /* Create a filename inside the temporary directory */ | ||
| result = snprintf(path, max_path, "%s/f", temp_path); |
There was a problem hiding this comment.
The filename is f?
Yes.
mz_os_posix.c
Outdated
| /* Check for no environment variable set at all */ | ||
| if (!tmp_dir) | ||
| return MZ_INTERNAL_ERROR; | ||
|
|
There was a problem hiding this comment.
| /* Check for no environment variable set at all */ | |
| if (!tmp_dir) | |
| return MZ_INTERNAL_ERROR; |
Is this reachable actually?
There was a problem hiding this comment.
Good catch. I missed the last if statement in the block of code before this. I'll update it
if (!tmp_dir)
tmp_dir = "/tmp";
|
Maybe I am a dumb-dumb, but why is random dir with a fixed name more secure than a random filename with a fixed dir? |
I believe that
|
|
|
@Coeur thanks that makes sense. I suggest instead of |
Done |
mz_os_posix.c
Outdated
| int32_t mz_os_get_temp_path(char *path, int32_t max_path, const char *prefix) { | ||
| const char *tmp_dir = NULL; | ||
| int32_t result = 0; | ||
| char temp_path[max_path]; |
There was a problem hiding this comment.
Sorry for this, but I think this is a newer C standard thing right? Maybe just best to do calloc().
There was a problem hiding this comment.
C99 brought stack-allocated variable-length arrays, see https://en.wikipedia.org/wiki/Variable-length_array#C.
Yes, better stick with heap-allocated array here.
There was a problem hiding this comment.
Ha! I knew that zlib-ng policed this one in cmake and assumed minizip-ng did as well.
I've made the change, but can we get cmake to police a minimum version?
|
|
||
| int32_t mz_os_get_temp_path(char *path, int32_t max_path, const char *prefix) { | ||
| const char *tmp_dir = NULL; | ||
| char *temp_path = (char *)calloc(max_path, sizeof(char)); |
|
|
||
| /* Build template path for mktemp: <tmp_dir>/<prefix>XXXXXX */ | ||
| result = snprintf(path, max_path, "%s/%sXXXXXX", tmp_dir, prefix ? prefix : ""); | ||
| /* Build template path for mkdtemp: <tmp_dir>/<prefix>XXXXXX */ |
There was a problem hiding this comment.
temp_path = (char *)calloc(max_path, sizeof(char));
Don't forget to do free(temp_path) also for every failure path after.
There was a problem hiding this comment.
temp_path = (char *)calloc(max_path, sizeof(char));Don't forget to do
free(temp_path)also for every failure path after.
Wow! I run with address sanitizer enabled all the time to catch things like this.
Hmm, just looking at the compiler commandline I'm not seeing the expected options.
Anyway, I've added the free
There was a problem hiding this comment.
This is still not fixed, there are return paths where it would leak memory.
4 participants
Silence the compiler warning below by using
mkdtempinstead ofmktemp