From: Kevin McCarthy Date: Mon, 17 Aug 2015 19:31:40 +0000 (-0700) Subject: Change mutt_adv_mktemp to call mutt_mktemp instead of mktemp. (see #3638). X-Git-Tag: neomutt-20160307~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7022ae3642a8dcdff3836f958e83941f449ccc3d;p=neomutt Change mutt_adv_mktemp to call mutt_mktemp instead of mktemp. (see #3638). mutt_mktemp is currently called in 95% of the cases in mutt, and is already our "own rolled" version of mktemp. The "insecure mktemp warning" discussion keeps coming up, so instead add prefix and suffix functionality to mutt_mktemp() and call that. All other uses of Tempdir in the mutt source did not call mutt_expand_path() first, so remove that from mutt_adv_mktemp(). --- diff --git a/muttlib.c b/muttlib.c index 8005e9c3d..02067cce2 100644 --- a/muttlib.c +++ b/muttlib.c @@ -64,36 +64,28 @@ BODY *mutt_new_body (void) */ void mutt_adv_mktemp (char *s, size_t l) { - char buf[_POSIX_PATH_MAX]; - char tmp[_POSIX_PATH_MAX]; - char *period; - size_t sl; + char prefix[_POSIX_PATH_MAX]; + char *suffix; struct stat sb; - - strfcpy (buf, NONULL (Tempdir), sizeof (buf)); - mutt_expand_path (buf, sizeof (buf)); + if (s[0] == '\0') { - snprintf (s, l, "%s/muttXXXXXX", buf); - mktemp (s); + mutt_mktemp (s, l); } else { - strfcpy (tmp, s, sizeof (tmp)); - mutt_sanitize_filename (tmp, 1); - snprintf (s, l, "%s/%s", buf, tmp); + strfcpy (prefix, s, sizeof (prefix)); + mutt_sanitize_filename (prefix, 1); + snprintf (s, l, "%s/%s", NONULL (Tempdir), prefix); if (lstat (s, &sb) == -1 && errno == ENOENT) return; - if ((period = strrchr (tmp, '.')) != NULL) - *period = 0; - snprintf (s, l, "%s/%s.XXXXXX", buf, tmp); - mktemp (s); - if (period != NULL) + + if ((suffix = strrchr (prefix, '.')) != NULL) { - *period = '.'; - sl = mutt_strlen(s); - strfcpy(s + sl, period, l - sl); + *suffix = 0; + ++suffix; } + mutt_mktemp_pfx_sfx (s, l, prefix, suffix); } } @@ -779,10 +771,13 @@ void mutt_merge_envelopes(ENVELOPE* base, ENVELOPE** extra) mutt_free_envelope(extra); } -void _mutt_mktemp (char *s, size_t slen, const char *src, int line) +void _mutt_mktemp (char *s, size_t slen, const char *prefix, const char *suffix, + const char *src, int line) { - size_t n = snprintf (s, slen, "%s/mutt-%s-%d-%d-%ld%ld", NONULL (Tempdir), NONULL (Hostname), - (int) getuid (), (int) getpid (), random (), random ()); + size_t n = snprintf (s, slen, "%s/%s-%s-%d-%d-%ld%ld%s%s", + NONULL (Tempdir), NONULL (prefix), NONULL (Hostname), + (int) getuid (), (int) getpid (), random (), random (), + suffix ? "." : "", NONULL (suffix)); if (n >= slen) dprint (1, (debugfile, "%s:%d: ERROR: insufficient buffer space to hold temporary filename! slen=%zu but need %zu\n", src, line, slen, n)); diff --git a/protos.h b/protos.h index fd898d6f7..2ba4d1d57 100644 --- a/protos.h +++ b/protos.h @@ -218,8 +218,9 @@ void mutt_make_misc_reply_headers (ENVELOPE *env, CONTEXT *ctx, HEADER *cur, ENV void mutt_make_post_indent (CONTEXT *ctx, HEADER *cur, FILE *out); void mutt_merge_envelopes(ENVELOPE* base, ENVELOPE** extra); void mutt_message_to_7bit (BODY *, FILE *); -#define mutt_mktemp(a,b) _mutt_mktemp (a, b, __FILE__, __LINE__) -void _mutt_mktemp (char *, size_t, const char *, int); +#define mutt_mktemp(a,b) mutt_mktemp_pfx_sfx (a, b, "mutt", NULL) +#define mutt_mktemp_pfx_sfx(a,b,c,d) _mutt_mktemp (a, b, c, d, __FILE__, __LINE__) +void _mutt_mktemp (char *, size_t, const char *, const char *, const char *, int); void mutt_normalize_time (struct tm *); void mutt_paddstr (int, const char *); void mutt_parse_mime_message (CONTEXT *ctx, HEADER *); @@ -508,7 +509,6 @@ extern void srand48 (); extern time_t mktime (); extern int vsprintf (); extern int ungetc (); -extern char *mktemp (); extern int ftruncate (); extern void *memset (); extern int pclose ();