Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 10:12:29 +0530
From: Dhiru Kholia <>
Subject: Re: office2john.c uses mktemp()

On Fri, Jun 29, 2012 at 2:17 AM, Solar Designer <> wrote:
> Dhiru, all -
> I've just noticed this:
>        dirname = mktemp(template);
>        if (!dirname) {
>                perror("mkdtemp");
>                exit(-1);
>        }
>        outfile = gsf_outfile_stdio_new(dirname, &err);
>        if (outfile == NULL) {
> I hope gsf_outfile_stdio_new() will return NULL if the directory name is
> already taken, so this is not a security hole then (otherwise it is!),
> but even if so this has two issues:

I will try this soon and see what happens.

> 1. mktemp() is deprecated, to the point that some systems will give
> scary warnings and some might not even provide the function.

Will replace it with mkstemp.

> 2. In the perror() call, it says "mkdtemp", whereas the function that
> was actually called was mktemp().

Typo. Message inside perror should be mktemp. gsf_outfile_stdio_new
itself creates the folder IIRC.

> Do you see an easy fix for this?  If so, please propose one in here
> first, don't commit any fix right away.

Replace mktemp by mkstemp and ensure that gsf_outfile_stdio_new works

I will do some tests and report back.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.