oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: QEMU 2.3.0 tmp vulns CVE request

From: Jakub Wilk <jwilk () jwilk net>
Date: Sat, 16 May 2015 16:38:29 +0200
* Michael Tokarev <mjt () tls msk ru>, 2015-05-16, 11:45:

./net/slirp.c:
   snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
            (long)getpid(), instance++);
This one is real, used for -smb argument, to start smbd, making its configuration. Maybe tmpnam() should be used here. 

"Never use this function.  Use mkstemp(3) or tmpfile(3) instead."

--
Jakub Wilk
Previous By Date Next
Previous By Thread Next

Current thread: