avoid using tmpnam() for security reasons.

instead of giving the merge stuff a filename, give it an already opened file descriptor svn path=/trunk/; revision=11273
author: Ulf Lamping <ulf.lamping@web.de> 2004-06-29 20:59:24 +0000
committer: Ulf Lamping <ulf.lamping@web.de> 2004-06-29 20:59:24 +0000
commit: 19c7f04794260e6bc54b837261673a4458cd99ee (patch)
tree: f928d40b3eea1e3c0497736d631e4549e2594b45
parent: a24b176c32f78abc72f75819bb463aa60bd6729a (diff)
5 files changed, 56 insertions, 47 deletions
diff --git a/gtk/file_dlg.c b/gtk/file_dlg.c
index 908508d45b..afb59cb687 100644
--- a/gtk/file_dlg.c
+++ b/gtk/file_dlg.c
@@ -1,7 +1,7 @@
 /* file_dlg.c
  * Dialog boxes for handling files
  *
- * $Id: file_dlg.c,v 1.124 2004/06/29 03:27:51 jmayer Exp $
+ * $Id: file_dlg.c,v 1.125 2004/06/29 20:59:23 ulfl Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -57,6 +57,7 @@
 #include "range_utils.h"
 #endif
 #include "merge.h"
+#include "util.h"
 
 
 static void file_open_ok_cb(GtkWidget *w, gpointer fs);
@@ -925,12 +926,13 @@ file_merge_cmd_cb(GtkWidget *widget, gpointer data _U_) {
 static void
 file_merge_ok_cb(GtkWidget *w, gpointer fs) {
   gchar     *cf_name, *rfilter, *s;
-  gchar     *cf_merged_name;
   GtkWidget *filter_te, *rb;
   dfilter_t *rfcode = NULL;
   int        err;
   gboolean   merge_ok;
   char      *in_filenames[2];
+  int       out_fd;
+  char      tmpname[128+1];
 
 #if (GTK_MAJOR_VERSION == 2 && GTK_MINOR_VERSION >= 4) || GTK_MAJOR_VERSION > 2
   cf_name = g_strdup(gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(fs)));
@@ -956,8 +958,7 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
     	return;
   }
 
-  /*XXX should use temp file stuff in util routines? */
-  cf_merged_name = g_strdup(tmpnam(NULL));
+  out_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
 
   /* merge or append the two files */
   rb = OBJECT_GET_DATA(w, E_MERGE_CHRONO_KEY);
@@ -965,19 +966,19 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
       /* chonological order */
       in_filenames[0] = cfile.filename;
       in_filenames[1] = cf_name;
-      merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, FALSE, &err);
+      merge_ok = merge_n_files(out_fd, 2, in_filenames, FALSE, &err);
   } else {
       rb = OBJECT_GET_DATA(w, E_MERGE_PREPEND_KEY);
       if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (rb))) {
           /* prepend file */
           in_filenames[0] = cfile.filename;
           in_filenames[1] = cf_name;
-          merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, TRUE, &err);
+          merge_ok = merge_n_files(out_fd, 2, in_filenames, TRUE, &err);
       } else {
           /* append file */
           in_filenames[0] = cf_name;
           in_filenames[1] = cfile.filename;
-          merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, TRUE, &err);
+          merge_ok = merge_n_files(out_fd, 2, in_filenames, TRUE, &err);
       }
   }
 
@@ -990,7 +991,6 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
 		  wtap_strerror(err));
     if (rfcode != NULL)
       dfilter_free(rfcode);
-    g_free(cf_merged_name);
     return;
   }
 
@@ -1000,14 +1000,13 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
   window_destroy(GTK_WIDGET (fs));
 
   /* Try to open the merged capture file. */
-  if ((err = cf_open(cf_merged_name, TRUE /* temporary file */, &cfile)) != 0) {
+  if ((err = cf_open(tmpname, TRUE /* temporary file */, &cfile)) != 0) {
     /* We couldn't open it; don't dismiss the open dialog box,
        just leave it around so that the user can, after they
        dismiss the alert box popped up for the open error,
        try again. */
     if (rfcode != NULL)
       dfilter_free(rfcode);
-    g_free(cf_merged_name);
     return;
   }
 
@@ -1030,18 +1029,15 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) {
        capture file has been closed - just free the capture file name
        string and return (without changing the last containing
        directory). */
-    g_free(cf_merged_name);
     return;
   }
 
   /* Save the name of the containing directory specified in the path name,
      if any; we can write over cf_merged_name, which is a good thing, given that
      "get_dirname()" does write over its argument. */
-  s = get_dirname(cf_merged_name);
+  s = get_dirname(tmpname);
   set_last_open_dir(s);
   gtk_widget_grab_focus(packet_list);
-
-  g_free(cf_merged_name);
 }
 
 static void
diff --git a/gtk/main.c b/gtk/main.c
index c83df15e93..592903b8c6 100644
--- a/gtk/main.c
+++ b/gtk/main.c
@@ -1,6 +1,6 @@
 /* main.c
  *
- * $Id: main.c,v 1.448 2004/06/29 03:27:51 jmayer Exp $
+ * $Id: main.c,v 1.449 2004/06/29 20:59:24 ulfl Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -1294,35 +1294,33 @@ dnd_uri2filename(gchar *cf_name)
 static void
 dnd_merge_files(int in_file_count, char **in_filenames)
 {
-    gchar *cf_merged_name;
+    int out_fd;
     gboolean merge_ok;
     int err;
+    char      tmpname[128+1];
 
 
-    /*XXX should use temp file stuff in util routines? */
-    cf_merged_name = g_strdup(tmpnam(NULL));
+    out_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
 
     /* merge the files in chonological order */
-    merge_ok = merge_n_files(cf_merged_name, in_file_count, in_filenames, FALSE, &err);
+    merge_ok = merge_n_files(out_fd, in_file_count, in_filenames, FALSE, &err);
 
   if(!merge_ok) {
     /* merge failed */
     simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
 		  "An error occurred while merging the files: \"%s\".",
 		  wtap_strerror(err));
-    g_free(cf_merged_name);
     return;
   }
 
   cf_close(&cfile);
 
   /* Try to open the merged capture file. */
-  if ((err = cf_open(cf_merged_name, TRUE /* temporary file */, &cfile)) != 0) {
+  if ((err = cf_open(tmpname, TRUE /* temporary file */, &cfile)) != 0) {
     /* We couldn't open it; don't dismiss the open dialog box,
        just leave it around so that the user can, after they
        dismiss the alert box popped up for the open error,
        try again. */
-    g_free(cf_merged_name);
     return;
   }
 
@@ -1340,13 +1338,10 @@ dnd_merge_files(int in_file_count, char **in_filenames)
        capture file has been closed - just free the capture file name
        string and return (without changing the last containing
        directory). */
-    g_free(cf_merged_name);
     return;
   }
 
   gtk_widget_grab_focus(packet_list);
-
-  g_free(cf_merged_name);
 }
 
 /* open/merge the dnd file */
diff --git a/merge.c b/merge.c
index b3dd1cc3fc..33a12e1637 100644
--- a/merge.c
+++ b/merge.c
@@ -1,6 +1,6 @@
 /* Combine two dump files, either by appending or by merging by timestamp
  *
- * $Id: merge.c,v 1.5 2004/06/21 16:45:06 ulfl Exp $
+ * $Id: merge.c,v 1.6 2004/06/29 20:59:23 ulfl Exp $
  *
  * Written by Scott Renfro <scott@renfro.org> based on
  * editcap by Richard Sharpe and Guy Harris
@@ -55,8 +55,8 @@ write_frame(wtap *wth, merge_out_file_t *out_file, int *err)
 
   if (!wtap_dump(out_file->pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth), err)) {
     if (merge_verbose == VERBOSE_ERRORS)
-      fprintf(stderr, "mergecap: Error writing to %s: %s\n",
-            out_file->filename, wtap_strerror(*err));
+      fprintf(stderr, "mergecap: Error writing to outfile: %s\n",
+            wtap_strerror(*err));
     return FALSE;
   }
 
@@ -102,8 +102,8 @@ merge_append_files(int count, merge_in_file_t in_files[], merge_out_file_t *out_
   for (i = 0; i < count; i++) {
     if (!append_loop(in_files[i].wth, 0, out_file, err, &err_info)) {
         if (merge_verbose == VERBOSE_ERRORS)
-          fprintf(stderr, "mergecap: Error appending %s to %s: %s\n",
-                  in_files[i].filename, out_file->filename, wtap_strerror(*err));
+          fprintf(stderr, "mergecap: Error appending %s to outfile: %s\n",
+                  in_files[i].filename, wtap_strerror(*err));
           switch (*err) {
 
           case WTAP_ERR_UNSUPPORTED:
@@ -248,8 +248,8 @@ merge_close_outfile(merge_out_file_t *out_file)
   int err;
   if (!wtap_dump_close(out_file->pdh, &err)) {
     if (merge_verbose == VERBOSE_ERRORS)
-        fprintf(stderr, "mergecap: Error closing file %s: %s\n",
-            out_file->filename, wtap_strerror(err));
+        fprintf(stderr, "mergecap: Error closing output file: %s\n",
+            wtap_strerror(err));
   }
 }
 
@@ -269,16 +269,12 @@ merge_open_outfile(merge_out_file_t *out_file, int snapshot_len, int *err)
     return FALSE;
   }
 
-  /* Allow output to stdout by using - */
-  if (strncmp(out_file->filename, "-", 2) == 0)
-    out_file->filename = "";
 
-
-  out_file->pdh = wtap_dump_open(out_file->filename, out_file->file_type,
+  out_file->pdh = wtap_dump_fdopen(out_file->fd, out_file->file_type,
                                  out_file->frame_type, snapshot_len, err);
   if (!out_file->pdh) {
     if (merge_verbose == VERBOSE_ERRORS) {
-        fprintf(stderr, "mergecap: Can't open/create %s:\n", out_file->filename);
+        fprintf(stderr, "mergecap: Can't open/create output file:\n");
         fprintf(stderr, "          %s\n", wtap_strerror(*err));
     }
     return FALSE;
@@ -379,7 +375,7 @@ merge_open_in_files(int in_file_count, char *in_file_names[], merge_in_file_t *i
  * Convenience function: merge two files into one.
  */
 gboolean
-merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboolean do_append, int *err)
+merge_n_files(int out_fd, int in_file_count, char **in_filenames, gboolean do_append, int *err)
 {
   extern char *optarg;
   extern int   optind;
@@ -388,7 +384,7 @@ merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboole
   gboolean     ret;
 
   /* initialize out_file */
-  out_file.filename   = out_filename;
+  out_file.fd         = out_fd;
   out_file.pdh        = NULL;              /* wiretap dumpfile */
   out_file.file_type  = WTAP_FILE_PCAP;    /* default to "libpcap" */
   out_file.frame_type = -2;                /* leave type alone */
diff --git a/merge.h b/merge.h
index 736638053e..933333c146 100644
--- a/merge.h
+++ b/merge.h
@@ -2,7 +2,7 @@
  * Definitions for menu routines with toolkit-independent APIs but
  * toolkit-dependent implementations.
  *
- * $Id: merge.h,v 1.3 2004/06/21 16:45:06 ulfl Exp $
+ * $Id: merge.h,v 1.4 2004/06/29 20:59:23 ulfl Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -46,7 +46,7 @@ typedef struct merge_in_file_s {
  * Structures to manage our output file.
  */
 typedef struct merge_out_file_s {
-  const char  *filename;
+  int          fd;
   wtap_dumper *pdh;
   int          file_type;
   int          frame_type;
@@ -152,7 +152,7 @@ merge_append_files(int in_file_count, merge_in_file_t in_files[], merge_out_file
  * @return TRUE if function succeeded
  */
 extern gboolean
-merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboolean do_append, int *err);
+merge_n_files(int out_fd, int in_file_count, char **in_filenames, gboolean do_append, int *err);
 
 
 #ifdef __cplusplus
diff --git a/mergecap.c b/mergecap.c
index 16365786c7..8038e70fb4 100644
--- a/mergecap.c
+++ b/mergecap.c
@@ -1,6 +1,6 @@
 /* Combine two dump files, either by appending or by merging by timestamp
  *
- * $Id: mergecap.c,v 1.21 2004/06/18 10:01:59 ulfl Exp $
+ * $Id: mergecap.c,v 1.22 2004/06/29 20:59:23 ulfl Exp $
  *
  * Written by Scott Renfro <scott@renfro.org> based on
  * editcap by Richard Sharpe and Guy Harris
@@ -33,6 +33,14 @@
 #include "cvsversion.h"
 #include "merge.h"
 
+#ifdef HAVE_IO_H
+# include <io.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
 
 /*
  * Show the usage
@@ -82,9 +90,10 @@ main(int argc, char *argv[])
   merge_in_file_t   *in_files      = NULL;
   merge_out_file_t   out_file;
   int          err;
+  char        *out_filename;
 
   /* initialize out_file */
-  out_file.filename   = NULL;
+  out_file.fd         = 0;
   out_file.pdh        = NULL;              /* wiretap dumpfile */
   out_file.file_type  = WTAP_FILE_PCAP;    /* default to "libpcap" */
   out_file.frame_type = -2;                /* leave type alone */
@@ -98,7 +107,7 @@ main(int argc, char *argv[])
 
     switch (opt) {
     case 'w':
-      out_file.filename = optarg;
+	  out_filename = optarg;
       break;
 
     case 'a':
@@ -159,7 +168,7 @@ main(int argc, char *argv[])
    * filename and one input file
    */
   in_file_count = argc - optind;
-  if (!out_file.filename) {
+  if (!out_filename) {
     fprintf(stderr, "mergecap: an output filename must be set with -w\n");
     fprintf(stderr, "          run with -h for help\n");
     exit(1);
@@ -177,6 +186,19 @@ main(int argc, char *argv[])
     out_file.frame_type = merge_select_frame_type(in_file_count, in_files);
 
   /* open the outfile */
+  if (strncmp(out_filename, "-", 2) == 0) {  
+    /* use stdout as the outfile */
+    out_file.fd = 1 /*stdout*/;
+  } else {
+    /* open the outfile */
+    out_file.fd = open(out_filename, O_BINARY | O_WRONLY);
+  }
+  if(out_file.fd == -1) {
+    fprintf(stderr, "mergecap: couldn't open output file\n");
+    exit(1);
+  }  
+    
+  /* prepare the outfile */
   if (!merge_open_outfile(&out_file, merge_max_snapshot_length(in_file_count, in_files), &err)) {
     merge_close_in_files(in_file_count, in_files);
     exit(1);
author	Ulf Lamping <ulf.lamping@web.de>	2004-06-29 20:59:24 +0000
committer	Ulf Lamping <ulf.lamping@web.de>	2004-06-29 20:59:24 +0000
commit	19c7f04794260e6bc54b837261673a4458cd99ee (patch)
tree	f928d40b3eea1e3c0497736d631e4549e2594b45
parent	a24b176c32f78abc72f75819bb463aa60bd6729a (diff)