tmpnam vs mkstemp
The compiler gives a warning when compiling cmgui (and the perl_interpreter) that using tmpnam is bad and mkstemp should be used instead.
I have had a look at the code and there are three calls to tmpnam in cmgui. Two calls can be replaced with a call to mkstemp but I see no easy way to change the last call, as we are using tmpnam in an unusual way. Usually it is used to create a unique temporary file name just before an fopen call. In our case it is used to create a unique file name that becomes part of a command string which is then executed by calling the system function.
mkstemp is designed to create a unique temporary file name and open it in one go, protecting from the possibility of another routine replacing the filename with a symbolic link to a different file before it is opened. Because it also opens the file, it can not be used as a direct replacement for the last call to tmpnam.
Some useful links on the tmpnam vs mkstemp problem:
- http://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html This page describes the various temporary name functions.
- http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html This page has some thoughts on security plus example code of how to use mkstemp.
In general code like this:
FILE *uid_file; char temp_uid_name[L_tmpnam]; tmpnam(temp_uid_name) uid_file = fopen(temp_uid_name,"w");
Can be replaced with code like this:
FILE *uid_file; char template_name[]="/tmp/cmguiXXXXXX"; int temp_fd; temp_fd=mkstemp(template_name); uid_file = fdopen(temp_fd,"w");
Note that in the above code I have not done any checking, to make it simpler to see how the calls work. You should check that tmpnam/fopen and mkstemp/fdopen succeed, using if statements. If they fail, return an error message.