Issue #1689: create unique temporary file with g_file_open_tmp().

Not sure this is really solving the issue reported, which is that `g_get_tmp_dir()` uses environment variables (yet as g_file_open_tmp() uses g_get_tmp_dir()…). But at least g_file_open_tmp() should create unique temporary files, which prevents overriding existing files (which is most likely the only real attack possible here, or at least the only one I can think of unless some weird vulnerabilities exist in glib).
GNOME · Jun 24, 2018 · c21eff4 · c21eff4 · msmeissn · Jun 25, 2018
1 parent b87d34b
commit c21eff4
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/app/tests/test-xcf.c b/app/tests/test-xcf.c
@@ -295,7 +295,8 @@ gimp_write_and_read_file (Gimp     *gimp,
   GimpImage           *image;
   GimpImage           *loaded_image;
   GimpPlugInProcedure *proc;
-  gchar               *filename;
+  gchar               *filename = NULL;
+  gint                 file_handle;
   GFile               *file;
 
   /* Create the image */
@@ -311,7 +312,9 @@ gimp_write_and_read_file (Gimp     *gimp,
                          use_gimp_2_8_features);
 
   /* Write to file */
-  filename = g_build_filename (g_get_tmp_dir (), "gimp-test.xcf", NULL);
+  file_handle = g_file_open_tmp ("gimp-test-XXXXXX.xcf", &filename, NULL);
+  g_assert (file_handle != -1);
+  close (file_handle);
   file = g_file_new_for_path (filename);
   g_free (filename);