[asterisk-bugs] [JIRA] (ASTERISK-20858) app_minivm fails to clean up mkstemp files
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Thu Jan 3 08:48:45 CST 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-20858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=201057#comment-201057 ]
Matt Jordan commented on ASTERISK-20858:
----------------------------------------
So, my only defense here is that I didn't introduce (a) or (b) :-)
It looks like what you described is actual the original intent of the code - to use mkstemp for the unique string of characters it produces as an input to {{sox}}, as opposed to actually using the file it creates. You're right that it probably shouldn't do that and that it should at least clean up the 0 byte file it just created on disk.
I don't think you're very likely to have a filename collision by appending '.wav' to ABCDEF when you call {{sox}}, but it is possible.
> app_minivm fails to clean up mkstemp files
> ------------------------------------------
>
> Key: ASTERISK-20858
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20858
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_minivm
> Reporter: Walter Doekes
> Severity: Minor
>
> Matt recently touched this code and removed a comment about leaking fd's and files.
> {noformat}
> tmpfd = mkstemp(newtmp);
> if (tmpfd < 0) {
> ast_log(LOG_WARNING, "Failed to create temporary file for volgain: %d\n", errno);
> ast_free(str1);
> ast_free(str2);
> return -1;
> }
> snprintf(tmpcmd, sizeof(tmpcmd), "sox -v %.4f %s.%s %s.%s", vmu->volgain, filename, format, newtmp, format);
> ast_safe_system(tmpcmd);
> {noformat}
> The fd leaks may be gone, but this looks like:
> (a) file leaks
> (b) misuse of mkstemp by appending format to the filename
> First we have mkstemp create an actual file "/tmp/ABCDEF" and then we write to "/tmp/ABCDEF.wav". No one cares about the original "/tmp/ABCDEF" on disk, and by writing to "/tmp/ABCDEF.wav" you're ignoring most of the functionality of mkstemp -- being secure and not overwriting existing files.
> Lastly, no one ever clears up fname (finalfilename.format), resulting in a second file leak.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list