|
From: | Jakub Wilk |
Subject: | Re: [Qemu-devel] [oss-security] QEMU 2.3.0 tmp vulns CVE request |
Date: | Sat, 16 May 2015 16:38:29 +0200 |
User-agent: | Mutt/1.5.23 (2014-03-12) |
* Michael Tokarev <address@hidden>, 2015-05-16, 11:45:
./net/slirp.c: snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d", (long)getpid(), instance++);This one is real, used for -smb argument, to start smbd, making its configuration. Maybe tmpnam() should be used here.
"Never use this function. Use mkstemp(3) or tmpfile(3) instead." -- Jakub Wilk
[Prev in Thread] | Current Thread | [Next in Thread] |