[lxc-devel] [PATCH 5/6] mount: use mkstemp instead of tmpnam

Serge Hallyn serge.hallyn at ubuntu.com
Mon Apr 13 19:18:21 UTC 2015


Quoting Tycho Andersen (tycho.andersen at canonical.com):
> Reported-by: Coverity
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> ---
>  src/lxc/conf.c | 22 ++++++++++++++++++----
>  1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index f1e89d8..e4222eb 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2053,16 +2053,30 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
>  
>  FILE *write_mount_file(struct lxc_list *mount)
>  {
> +	int fd, ret;
>  	FILE *file;
>  	struct lxc_list *iterator;
> -	char *mount_entry;
> +	char *mount_entry, template[sizeof(P_tmpdir) + 23];
>  
> -	file = tmpfile();
> -	if (!file) {
> -		ERROR("tmpfile error: %m");
> +	ret = snprintf(template, sizeof(template), "%s/lxc_mount_file.XXXXXX", P_tmpdir);
> +	if (ret < 0 || ret >= sizeof(template))
> +		return NULL;
> +
> +	fd = mkstemp(template);

In fact bionic doesn't have mkstemp at all.

There is no security hinging on this, so I think we should mark this
as ignore in coverity.

> +	if (fd < 0) {
> +		SYSERROR("mkstemp error");
> +		return NULL;
> +	}
> +
> +	if (unlink(template)) {
> +		SYSERROR("unlink failed");
>  		return NULL;
>  	}
>  
> +	file = fdopen(fd, "r+");
> +	if (!file)
> +		return NULL;
> +
>  	lxc_list_for_each(iterator, mount) {
>  		mount_entry = iterator->elem;
>  		fprintf(file, "%s\n", mount_entry);
> -- 
> 2.1.4
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list