Bug 22594 - vim uses mktemp (affects vi, vim and ex)
vim uses mktemp (affects vi, vim and ex)
Product: Red Hat Linux
Classification: Retired
Component: vim (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
Need Real Name
: Security
: 22595 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2000-12-20 14:49 EST by jose nazario
Modified: 2007-04-18 12:30 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-12-20 16:57:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description jose nazario 2000-12-20 14:49:16 EST
same problem that ed had, mktemp and fopen. see also OpenBSD's bug #150 


            STRCAT(itmp, TEMPNAME);
            if ((p = vim_strchr(itmp, '?')) != NULL)
                *p = extra_char;
3121:       if (mktemp((char *)itmp) == NULL)
            return vim_strsave(itmp);

fopen problem:

mch_fopen is defined in macros.h for non VMS systems:

92:  # define mch_fopen(n, p)  fopen(vms_fixfilename(n), (p))

grepping in the vim-5.7 source:

edit.c:1799:        fp = mch_fopen((char *)files[i], "r");  /* open 
dictionary f
ile */
eval.c:2677:    if (*p && !mch_isdir(p) && (fd = mch_fopen((char *)p, "r")) 
!= N
ex_cmds.c:1265:    if ((fp = mch_fopen((char *)file, READBIN)) == NULL)
ex_cmds.c:1314: fp_in = mch_fopen((char *)file, READBIN);
ex_cmds.c:1327:     fp_out = mch_fopen((char *)file, WRITEBIN);
ex_cmds.c:1449:         fp_out = mch_fopen((char *)tempname, WRITEBIN);
ex_cmds.c:1459:                 fp_out = mch_fopen((char *)tempname, 
ex_cmds.c:3868:     if ((helpfd = mch_fopen((char *)p_hf, READBIN)) == 
ex_docmd.c:4398:    cookie.fp = mch_fopen((char *)fname_exp, READBIN);
ex_docmd.c:4415:            cookie.fp = mch_fopen((char *)fname_exp, 
ex_docmd.c:6973:    if ((fd = mch_fopen((char *)eap->arg, mode)) == NULL)
getchar.c:969:    if ((scriptin[curscript] = mch_fopen((char *)NameBuff, 
)) == NULL)
macros.h:86:# define mch_fopen(n, p)  fopen(vms_fixfilename(n), (p))
macros.h:92:# define mch_fopen(n, p)  fopen((n), (p))
main.c:723:                 if ((scriptin[0] = mch_fopen(argv[0], READBIN)) 
== N
main.c:773:                 if ((scriptout = mch_fopen(argv[0],
memline.c:3347:     dummyfd = mch_fopen((char *)buf->b_fname, "w");
misc1.c:5719:    fd = mch_fopen((char *)tempname, "r");
os_unix.c:3481:    fd = fopen((char *)tempname, "r");
osdef1.h.in:19:extern FILE      *fopen __ARGS((char *, char *));
quickfix.c:160:    if ((fd = mch_fopen((char *)efile, "r")) == NULL)
search.c:3361:          if ((files[depth + 1].fp = mch_fopen((char 
tag.c:1039:         if ((fp = mch_fopen((char *)tag_fname, "r")) == NULL)
tag.c:1223:                             fp = mch_fopen((char 
*)fullpath_ebuf, "r
termlib.c:115:    if (!(termcap = mch_fopen(tcap, "r")))
Comment 1 Bernhard Rosenkraenzer 2000-12-20 16:57:22 EST
This is fixed in Rawhide, errata package waiting for QA approval
Comment 2 Bernhard Rosenkraenzer 2000-12-21 08:07:26 EST
On a second look, the patch isn't necessary. It's possible to use mktemp() in an
insecure way, but that's not what vim does. It checks for symlinks before
opening the file, so basically it does what mkstemp() promises to do.
Comment 3 Bernhard Rosenkraenzer 2000-12-21 08:07:45 EST
*** Bug 22595 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.