tmpnam() really should not be used for security reasons.
Replace it where used and update README.developer accordingly. svn path=/trunk/; revision=11235
This commit is contained in:
Jörg Mayer
parent
021f72021e
commit
0195deceae
|
|
@ -1,4 +1,4 @@
|
|||
$Id: README.developer,v 1.96 2004/06/19 00:07:23 guy Exp $
|
||||
$Id: README.developer,v 1.97 2004/06/25 07:04:03 jmayer Exp $
|
||||
|
||||
This file is a HOWTO for Ethereal developers. It describes how to start coding
|
||||
a Ethereal protocol dissector and the use some of the important functions and
|
||||
|
|
@ -222,6 +222,11 @@ snprintf() -> g_snprintf()
|
|||
snprintf() is not available on all platforms, so it's a good idea to use the
|
||||
g_snprintf() function declared by <glib.h> instead.
|
||||
|
||||
tmpnam() -> mkstemp()
|
||||
tmpnam is insecure and should not be used any more. Ethereal brings its
|
||||
own mkstemp implementation for use on platforms that lack mkstemp.
|
||||
Note: mkstemp does not accept NULL as a parameter.
|
||||
|
||||
The pointer retured by a call to "tvb_get_ptr()" is not guaranteed to be
|
||||
aligned on any particular byte boundary; this means that you cannot
|
||||
safely cast it to any data type other than a pointer to "char",
|
||||
|
|
@ -368,12 +373,12 @@ code inside
|
|||
|
||||
is needed only if you are using the "snprintf()" function.
|
||||
|
||||
The "$Id: README.developer,v 1.96 2004/06/19 00:07:23 guy Exp $"
|
||||
The "$Id: README.developer,v 1.97 2004/06/25 07:04:03 jmayer Exp $"
|
||||
in the comment will be updated by CVS when the file is
|
||||
checked in; it will allow the RCS "ident" command to report which
|
||||
version of the file is currently checked out.
|
||||
|
||||
When creating a new file, it is fine to just write "$Id: README.developer,v 1.96 2004/06/19 00:07:23 guy Exp $" as RCS will
|
||||
When creating a new file, it is fine to just write "$Id: README.developer,v 1.97 2004/06/25 07:04:03 jmayer Exp $" as RCS will
|
||||
automatically fill in the identifier at the time the file will be added to the
|
||||
CVS repository (checked in).
|
||||
|
||||
|
|
@ -382,7 +387,7 @@ CVS repository (checked in).
|
|||
* Routines for PROTONAME dissection
|
||||
* Copyright 2000, YOUR_NAME <YOUR_EMAIL_ADDRESS>
|
||||
*
|
||||
* $Id: README.developer,v 1.96 2004/06/19 00:07:23 guy Exp $
|
||||
* $Id: README.developer,v 1.97 2004/06/25 07:04:03 jmayer Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/* file_dlg.c
|
||||
* Dialog boxes for handling files
|
||||
*
|
||||
* $Id: file_dlg.c,v 1.121 2004/06/21 16:45:07 ulfl Exp $
|
||||
* $Id: file_dlg.c,v 1.122 2004/06/25 07:04:02 jmayer Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
@ -957,7 +957,7 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
|
|||
}
|
||||
|
||||
/*XXX should use temp file stuff in util routines? */
|
||||
cf_merged_name = g_strdup(tmpnam(NULL));
|
||||
cf_merged_name = g_strdup(mkstemp("etherealXXXXXX"));
|
||||
|
||||
/* merge or append the two files */
|
||||
rb = OBJECT_GET_DATA(w, E_MERGE_CHRONO_KEY);
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/* follow_dlg.c
|
||||
*
|
||||
* $Id: follow_dlg.c,v 1.66 2004/06/17 16:35:24 ulfl Exp $
|
||||
* $Id: follow_dlg.c,v 1.67 2004/06/25 07:04:02 jmayer Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
@ -800,7 +800,7 @@ follow_print_stream(GtkWidget * w _U_, gpointer data)
|
|||
#ifdef _WIN32
|
||||
win_printer = TRUE;
|
||||
/*XXX should use temp file stuff in util routines */
|
||||
print_dest = g_strdup(tmpnam(NULL));
|
||||
print_dest = g_strdup(mkstemp("etherealXXXXXX"));
|
||||
to_file = TRUE;
|
||||
#else
|
||||
print_dest = prefs.pr_cmd;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/* main.c
|
||||
*
|
||||
* $Id: main.c,v 1.446 2004/06/21 16:45:07 ulfl Exp $
|
||||
* $Id: main.c,v 1.447 2004/06/25 07:04:02 jmayer Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
@ -1300,7 +1300,7 @@ dnd_merge_files(int in_file_count, char **in_filenames)
|
|||
|
||||
|
||||
/*XXX should use temp file stuff in util routines? */
|
||||
cf_merged_name = g_strdup(tmpnam(NULL));
|
||||
cf_merged_name = g_strdup(mkstemp("etherealXXXXXX"));
|
||||
|
||||
/* merge the files in chonological order */
|
||||
merge_ok = merge_n_files(cf_merged_name, in_file_count, in_filenames, FALSE, &err);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/* print_dlg.c
|
||||
* Dialog boxes for printing
|
||||
*
|
||||
* $Id: print_dlg.c,v 1.78 2004/05/27 21:52:07 ulfl Exp $
|
||||
* $Id: print_dlg.c,v 1.79 2004/06/25 07:04:02 jmayer Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
@ -768,7 +768,7 @@ print_ok_cb(GtkWidget *ok_bt, gpointer parent_w)
|
|||
win_printer = TRUE;
|
||||
/*XXX should use temp file stuff in util routines */
|
||||
g_free(args->file);
|
||||
args->file = g_strdup(tmpnam(NULL));
|
||||
args->file = g_strdup(mkstemp("etherealXXXXXX"));
|
||||
args->to_file = TRUE;
|
||||
#else
|
||||
g_free(args->cmd);
|
||||
|
|
|
|||
Loading…
Reference in New Issue