Quoting Tycho Andersen (tycho.ander...@canonical.com): > Reported-by: Coverity > Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com> > --- > src/lxc/conf.c | 22 ++++++++++++++++++---- > 1 file changed, 18 insertions(+), 4 deletions(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index f1e89d8..e4222eb 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -2053,16 +2053,30 @@ static int setup_mount(const struct lxc_rootfs > *rootfs, const char *fstab, > > FILE *write_mount_file(struct lxc_list *mount) > { > + int fd, ret; > FILE *file; > struct lxc_list *iterator; > - char *mount_entry; > + char *mount_entry, template[sizeof(P_tmpdir) + 23]; > > - file = tmpfile(); > - if (!file) { > - ERROR("tmpfile error: %m"); > + ret = snprintf(template, sizeof(template), "%s/lxc_mount_file.XXXXXX", > P_tmpdir); > + if (ret < 0 || ret >= sizeof(template)) > + return NULL; > + > + fd = mkstemp(template);
In fact bionic doesn't have mkstemp at all. There is no security hinging on this, so I think we should mark this as ignore in coverity. > + if (fd < 0) { > + SYSERROR("mkstemp error"); > + return NULL; > + } > + > + if (unlink(template)) { > + SYSERROR("unlink failed"); > return NULL; > } > > + file = fdopen(fd, "r+"); > + if (!file) > + return NULL; > + > lxc_list_for_each(iterator, mount) { > mount_entry = iterator->elem; > fprintf(file, "%s\n", mount_entry); > -- > 2.1.4 > > _______________________________________________ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel
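Review bot: both new error returns that follow a successful mkstemp() leak the descriptor. When unlink(template) fails, and again when fdopen(fd, "r+") returns NULL, write_mount_file() returns NULL with fd still open, so each path should close(fd) before returning. The fdopen and snprintf failure paths also return silently, while the mkstemp and unlink paths log through SYSERROR; an error message on those two would keep the failure modes distinguishable in the log.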