[lxc-devel] [PATCH 5/6] mount: use mkstemp instead of tmpnam
Tycho Andersen
tycho.andersen at canonical.com
Mon Apr 13 19:20:28 UTC 2015
On Mon, Apr 13, 2015 at 07:18:21PM +0000, Serge Hallyn wrote:
> Quoting Tycho Andersen (tycho.andersen at canonical.com):
> > Reported-by: Coverity
> > Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> > ---
> > src/lxc/conf.c | 22 ++++++++++++++++++----
> > 1 file changed, 18 insertions(+), 4 deletions(-)
> >
> > diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> > index f1e89d8..e4222eb 100644
> > --- a/src/lxc/conf.c
> > +++ b/src/lxc/conf.c
> > @@ -2053,16 +2053,30 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
> >
> > FILE *write_mount_file(struct lxc_list *mount)
> > {
> > + int fd, ret;
> > FILE *file;
> > struct lxc_list *iterator;
> > - char *mount_entry;
> > + char *mount_entry, template[sizeof(P_tmpdir) + 23];
> >
> > - file = tmpfile();
> > - if (!file) {
> > - ERROR("tmpfile error: %m");
> > + ret = snprintf(template, sizeof(template), "%s/lxc_mount_file.XXXXXX", P_tmpdir);
> > + if (ret < 0 || ret >= sizeof(template))
> > + return NULL;
> > +
> > + fd = mkstemp(template);
>
> In fact bionic doesn't have mkstemp at all.
>
> There is no security hinging on this, so I think we should mark this
> as ignore in coverity.
Ok, that's fine with me. I mostly did it because it complained about
the other one in do_restore, but I think that's also not security
critical. Anyway, I spent way too much time on this this morning, so
it's good to drop this patch :)
Tycho
> > + if (fd < 0) {
> > + SYSERROR("mkstemp error");
> > + return NULL;
> > + }
> > +
> > + if (unlink(template)) {
> > + SYSERROR("unlink failed");
> > return NULL;
> > }
> >
> > + file = fdopen(fd, "r+");
> > + if (!file)
> > + return NULL;
> > +
> > lxc_list_for_each(iterator, mount) {
> > mount_entry = iterator->elem;
> > fprintf(file, "%s\n", mount_entry);
> > --
> > 2.1.4
> >
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list