Quoting Tycho Andersen (tycho.ander...@canonical.com):
> Reported-by: Coverity
> Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com>
> ---
> src/lxc/conf.c | 22 ++++++++++++++++++----
> 1 file changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index f1e89d8..e4222eb 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2053,16 +2053,30 @@ static int setup_mount(const struct lxc_rootfs
> *rootfs, const char *fstab,
>
> FILE *write_mount_file(struct lxc_list *mount)
> {
> + int fd, ret;
> FILE *file;
> struct lxc_list *iterator;
> - char *mount_entry;
> + char *mount_entry, template[sizeof(P_tmpdir) + 23];
>
> - file = tmpfile();
> - if (!file) {
> - ERROR("tmpfile error: %m");
> + ret = snprintf(template, sizeof(template), "%s/lxc_mount_file.XXXXXX",
> P_tmpdir);
> + if (ret < 0 || ret >= sizeof(template))
> + return NULL;
> +
> + fd = mkstemp(template);
In fact bionic doesn't have mkstemp at all.
There is no security hinging on this, so I think we should mark this
as ignore in coverity.
> + if (fd < 0) {
> + SYSERROR("mkstemp error");
> + return NULL;
> + }
> +
> + if (unlink(template)) {
> + SYSERROR("unlink failed");
> return NULL;
> }
>
> + file = fdopen(fd, "r+");
> + if (!file)
> + return NULL;
> +
> lxc_list_for_each(iterator, mount) {
> mount_entry = iterator->elem;
> fprintf(file, "%s\n", mount_entry);
> --
> 2.1.4
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
