Change mutt_adv_mktemp to call mutt_mktemp instead of mktemp. (see #3638).

mutt_mktemp is currently called in 95% of the cases in mutt, and
is already our "own rolled" version of mktemp.  The "insecure mktemp
warning" discussion keeps coming up, so instead add prefix and suffix
functionality to mutt_mktemp() and call that.

All other uses of Tempdir in the mutt source did not call
mutt_expand_path() first, so remove that from mutt_adv_mktemp().

diff --git a/muttlib.c b/muttlib.c
index 8005e9c3db83aa014ee8c288645d9e09097e8678..02067cce2ecf9bc79c69bf8a36bbeb3abdab0db9 100644 (file)
--- a/muttlib.c
+++ b/muttlib.c
@@ -64,36 +64,28 @@ BODY *mutt_new_body (void)
  */
 void mutt_adv_mktemp (char *s, size_t l)
 {
-  char buf[_POSIX_PATH_MAX];
-  char tmp[_POSIX_PATH_MAX];
-  char *period;
-  size_t sl;
+  char prefix[_POSIX_PATH_MAX];
+  char *suffix;
   struct stat sb;
-  
-  strfcpy (buf, NONULL (Tempdir), sizeof (buf));
-  mutt_expand_path (buf, sizeof (buf));
+
   if (s[0] == '\0')
   {
-    snprintf (s, l, "%s/muttXXXXXX", buf);
-    mktemp (s);
+    mutt_mktemp (s, l);
   }
   else
   {
-    strfcpy (tmp, s, sizeof (tmp));
-    mutt_sanitize_filename (tmp, 1);
-    snprintf (s, l, "%s/%s", buf, tmp);
+    strfcpy (prefix, s, sizeof (prefix));
+    mutt_sanitize_filename (prefix, 1);
+    snprintf (s, l, "%s/%s", NONULL (Tempdir), prefix);
     if (lstat (s, &sb) == -1 && errno == ENOENT)
       return;
-    if ((period = strrchr (tmp, '.')) != NULL)
-      *period = 0;
-    snprintf (s, l, "%s/%s.XXXXXX", buf, tmp);
-    mktemp (s);
-    if (period != NULL)
+
+    if ((suffix = strrchr (prefix, '.')) != NULL)
     {
-      *period = '.';
-      sl = mutt_strlen(s);
-      strfcpy(s + sl, period, l - sl);
+      *suffix = 0;
+      ++suffix;
     }
+    mutt_mktemp_pfx_sfx (s, l, prefix, suffix);
   }
 }
 
@@ -779,10 +771,13 @@ void mutt_merge_envelopes(ENVELOPE* base, ENVELOPE** extra)
   mutt_free_envelope(extra);
 }
 
-void _mutt_mktemp (char *s, size_t slen, const char *src, int line)
+void _mutt_mktemp (char *s, size_t slen, const char *prefix, const char *suffix,
+                   const char *src, int line)
 {
-  size_t n = snprintf (s, slen, "%s/mutt-%s-%d-%d-%ld%ld", NONULL (Tempdir), NONULL (Hostname),
-      (int) getuid (), (int) getpid (), random (), random ());
+  size_t n = snprintf (s, slen, "%s/%s-%s-%d-%d-%ld%ld%s%s",
+      NONULL (Tempdir), NONULL (prefix), NONULL (Hostname),
+      (int) getuid (), (int) getpid (), random (), random (),
+      suffix ? "." : "", NONULL (suffix));
   if (n >= slen)
     dprint (1, (debugfile, "%s:%d: ERROR: insufficient buffer space to hold temporary filename! slen=%zu but need %zu\n",
            src, line, slen, n));

diff --git a/protos.h b/protos.h
index fd898d6f72a8e384fd59a2d97ff8dd7f202c1a7a..2ba4d1d571c374b703d253af31a1aa5d55d93399 100644 (file)
--- a/protos.h
+++ b/protos.h
@@ -218,8 +218,9 @@ void mutt_make_misc_reply_headers (ENVELOPE *env, CONTEXT *ctx, HEADER *cur, ENV
 void mutt_make_post_indent (CONTEXT *ctx, HEADER *cur, FILE *out);
 void mutt_merge_envelopes(ENVELOPE* base, ENVELOPE** extra);
 void mutt_message_to_7bit (BODY *, FILE *);
-#define mutt_mktemp(a,b) _mutt_mktemp (a, b, __FILE__, __LINE__)
-void _mutt_mktemp (char *, size_t, const char *, int);
+#define mutt_mktemp(a,b) mutt_mktemp_pfx_sfx (a, b, "mutt", NULL)
+#define mutt_mktemp_pfx_sfx(a,b,c,d)  _mutt_mktemp (a, b, c, d, __FILE__, __LINE__)
+void _mutt_mktemp (char *, size_t, const char *, const char *, const char *, int);
 void mutt_normalize_time (struct tm *);
 void mutt_paddstr (int, const char *);
 void mutt_parse_mime_message (CONTEXT *ctx, HEADER *);
@@ -508,7 +509,6 @@ extern void srand48 ();
 extern time_t mktime ();
 extern int vsprintf ();
 extern int ungetc ();
-extern char *mktemp ();
 extern int ftruncate ();
 extern void *memset ();
 extern int pclose ();