22594 – vim uses mktemp (affects vi, vim and ex)

Bug 22594 - vim uses mktemp (affects vi, vim and ex)

Summary: vim uses mktemp (affects vi, vim and ex)

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	vim
Sub Component:
Version:	7.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bernhard Rosenkraenzer
QA Contact:	Need Real Name
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	22595 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-12-20 19:49 UTC by jose nazario
Modified:	2007-04-18 16:30 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-12-20 21:57:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description jose nazario 2000-12-20 19:49:16 UTC

same problem that ed had, mktemp and fopen. see also OpenBSD's bug #150 
(http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/150)

fileio.c:

                add_pathsep(itmp);
            STRCAT(itmp, TEMPNAME);
            if ((p = vim_strchr(itmp, '?')) != NULL)
                *p = extra_char;
3121:       if (mktemp((char *)itmp) == NULL)
                continue;
            return vim_strsave(itmp);

fopen problem:

mch_fopen is defined in macros.h for non VMS systems:

92:  # define mch_fopen(n, p)  fopen(vms_fixfilename(n), (p))

grepping in the vim-5.7 source:

edit.c:1799:        fp = mch_fopen((char *)files[i], "r");  /* open 
dictionary f
ile */
eval.c:2677:    if (*p && !mch_isdir(p) && (fd = mch_fopen((char *)p, "r")) 
!= N
ULL)
ex_cmds.c:1265:    if ((fp = mch_fopen((char *)file, READBIN)) == NULL)
ex_cmds.c:1314: fp_in = mch_fopen((char *)file, READBIN);
ex_cmds.c:1327:     fp_out = mch_fopen((char *)file, WRITEBIN);
ex_cmds.c:1449:         fp_out = mch_fopen((char *)tempname, WRITEBIN);
ex_cmds.c:1459:                 fp_out = mch_fopen((char *)tempname, 
WRITEBIN);
ex_cmds.c:3868:     if ((helpfd = mch_fopen((char *)p_hf, READBIN)) == 
NULL)
ex_docmd.c:4398:    cookie.fp = mch_fopen((char *)fname_exp, READBIN);
ex_docmd.c:4415:            cookie.fp = mch_fopen((char *)fname_exp, 
READBIN);
ex_docmd.c:6973:    if ((fd = mch_fopen((char *)eap->arg, mode)) == NULL)
getchar.c:969:    if ((scriptin[curscript] = mch_fopen((char *)NameBuff, 
READBIN
)) == NULL)
macros.h:86:# define mch_fopen(n, p)  fopen(vms_fixfilename(n), (p))
macros.h:92:# define mch_fopen(n, p)  fopen((n), (p))
main.c:723:                 if ((scriptin[0] = mch_fopen(argv[0], READBIN)) 
== N
ULL)
main.c:773:                 if ((scriptout = mch_fopen(argv[0],
memline.c:3347:     dummyfd = mch_fopen((char *)buf->b_fname, "w");
misc1.c:5719:    fd = mch_fopen((char *)tempname, "r");
os_unix.c:3481:    fd = fopen((char *)tempname, "r");
osdef1.h.in:19:extern FILE      *fopen __ARGS((char *, char *));
quickfix.c:160:    if ((fd = mch_fopen((char *)efile, "r")) == NULL)
search.c:3361:          if ((files[depth + 1].fp = mch_fopen((char 
*)new_fname,
"r"))
tag.c:1039:         if ((fp = mch_fopen((char *)tag_fname, "r")) == NULL)
tag.c:1223:                             fp = mch_fopen((char 
*)fullpath_ebuf, "r
");
termlib.c:115:    if (!(termcap = mch_fopen(tcap, "r")))

Comment 1 Bernhard Rosenkraenzer 2000-12-20 21:57:22 UTC

This is fixed in Rawhide, errata package waiting for QA approval

Comment 2 Bernhard Rosenkraenzer 2000-12-21 13:07:26 UTC

On a second look, the patch isn't necessary. It's possible to use mktemp() in an
insecure way, but that's not what vim does. It checks for symlinks before
opening the file, so basically it does what mkstemp() promises to do.

Comment 3 Bernhard Rosenkraenzer 2000-12-21 13:07:45 UTC

*** Bug 22595 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.