search

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org
Other
194 stars 55 forks source link

Annoying linker warning: stream-common.cpp:(.text+0x2666): warning: the use of `mktemp' is dangerous, better use `mkstemp' or `mkdtemp' #1071

Closed jpo234 closed 3 years ago

jpo234 commented 4 years ago

Description

The function init_tmpfile_dest in src/librepgp/stream-common.cpp calls the deprecated mktemp function. That causes an annoying linker warning. This is what the man-page has to say:

Never use mktemp(). Some implementations follow 4.3BSD and replace XXXXXX by the current process ID and a single letter, so that at most 26 different names can be returned. Since on the one hand the names are easy to guess, and on the other hand there is a race between testing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3).

Steps to Reproduce

  1. Link against a static librnp-0.a

Expected Behavior

No warning

Actual Behavior

A Warning:

rnpgp/lib/librnp-0.a(stream-common.cpp.o): In function `init_tmpfile_dest(pgp_dest_t*, char const*, bool)':
stream-common.cpp:(.text+0x2666): warning: the use of `mktemp' is dangerous, better use `mkstemp' or `mkdtemp'

This is the offending line.

ni4 commented 4 years ago

@jpo234 Thanks for reporting. Will need some time to get to it (and to make it compatible with Windows).

ni4 commented 4 years ago

PR #1127 may be useful here.