[asterisk-bugs] [JIRA] (ASTERISK-20858) app_minivm fails to clean up mkstemp files
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Fri Oct 13 13:15:24 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-20858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-20858:
-------------------------------------
Target Release Version/s: 15.1.0
> app_minivm fails to clean up mkstemp files
> ------------------------------------------
>
> Key: ASTERISK-20858
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20858
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_minivm
> Reporter: Walter Doekes
> Severity: Minor
> Target Release: 14.7.0, 13.18.0, 15.1.0
>
>
> Matt recently touched this code and removed a comment about leaking fd's and files.
> {noformat}
> tmpfd = mkstemp(newtmp);
> if (tmpfd < 0) {
> ast_log(LOG_WARNING, "Failed to create temporary file for volgain: %d\n", errno);
> ast_free(str1);
> ast_free(str2);
> return -1;
> }
> snprintf(tmpcmd, sizeof(tmpcmd), "sox -v %.4f %s.%s %s.%s", vmu->volgain, filename, format, newtmp, format);
> ast_safe_system(tmpcmd);
> {noformat}
> The fd leaks may be gone, but this looks like:
> (a) file leaks
> (b) misuse of mkstemp by appending format to the filename
> First we have mkstemp create an actual file "/tmp/ABCDEF" and then we write to "/tmp/ABCDEF.wav". No one cares about the original "/tmp/ABCDEF" on disk, and by writing to "/tmp/ABCDEF.wav" you're ignoring most of the functionality of mkstemp -- being secure and not overwriting existing files.
> Lastly, no one ever clears up fname (finalfilename.format), resulting in a second file leak.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list