diff options
| author | Ulf Lamping <ulf.lamping@web.de> | 2004-06-29 20:59:24 +0000 |
|---|---|---|
| committer | Ulf Lamping <ulf.lamping@web.de> | 2004-06-29 20:59:24 +0000 |
| commit | 19c7f04794260e6bc54b837261673a4458cd99ee (patch) | |
| tree | f928d40b3eea1e3c0497736d631e4549e2594b45 | |
| parent | a24b176c32f78abc72f75819bb463aa60bd6729a (diff) | |
| download | wireshark-19c7f04794260e6bc54b837261673a4458cd99ee.tar.gz wireshark-19c7f04794260e6bc54b837261673a4458cd99ee.tar.bz2 wireshark-19c7f04794260e6bc54b837261673a4458cd99ee.zip | |
avoid using tmpnam() for security reasons.
instead of giving the merge stuff a filename,
give it an already opened file descriptor
svn path=/trunk/; revision=11273
| -rw-r--r-- | gtk/file_dlg.c | 24 | ||||
| -rw-r--r-- | gtk/main.c | 17 | ||||
| -rw-r--r-- | merge.c | 26 | ||||
| -rw-r--r-- | merge.h | 6 | ||||
| -rw-r--r-- | mergecap.c | 30 |
5 files changed, 56 insertions, 47 deletions
diff --git a/gtk/file_dlg.c b/gtk/file_dlg.c index 908508d45b..afb59cb687 100644 --- a/gtk/file_dlg.c +++ b/gtk/file_dlg.c @@ -1,7 +1,7 @@ /* file_dlg.c * Dialog boxes for handling files * - * $Id: file_dlg.c,v 1.124 2004/06/29 03:27:51 jmayer Exp $ + * $Id: file_dlg.c,v 1.125 2004/06/29 20:59:23 ulfl Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -57,6 +57,7 @@ #include "range_utils.h" #endif #include "merge.h" +#include "util.h" static void file_open_ok_cb(GtkWidget *w, gpointer fs); @@ -925,12 +926,13 @@ file_merge_cmd_cb(GtkWidget *widget, gpointer data _U_) { static void file_merge_ok_cb(GtkWidget *w, gpointer fs) { gchar *cf_name, *rfilter, *s; - gchar *cf_merged_name; GtkWidget *filter_te, *rb; dfilter_t *rfcode = NULL; int err; gboolean merge_ok; char *in_filenames[2]; + int out_fd; + char tmpname[128+1]; #if (GTK_MAJOR_VERSION == 2 && GTK_MINOR_VERSION >= 4) || GTK_MAJOR_VERSION > 2 cf_name = g_strdup(gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(fs))); @@ -956,8 +958,7 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) { return; } - /*XXX should use temp file stuff in util routines? */ - cf_merged_name = g_strdup(tmpnam(NULL)); + out_fd = create_tempfile(tmpname, sizeof tmpname, "ether"); /* merge or append the two files */ rb = OBJECT_GET_DATA(w, E_MERGE_CHRONO_KEY); @@ -965,19 +966,19 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) { /* chonological order */ in_filenames[0] = cfile.filename; in_filenames[1] = cf_name; - merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, FALSE, &err); + merge_ok = merge_n_files(out_fd, 2, in_filenames, FALSE, &err); } else { rb = OBJECT_GET_DATA(w, E_MERGE_PREPEND_KEY); if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (rb))) { /* prepend file */ in_filenames[0] = cfile.filename; in_filenames[1] = cf_name; - merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, TRUE, &err); + merge_ok = merge_n_files(out_fd, 2, in_filenames, TRUE, &err); } else { /* append file */ in_filenames[0] = cf_name; in_filenames[1] = cfile.filename; - merge_ok = merge_n_files(cf_merged_name, 2, in_filenames, TRUE, &err); + merge_ok = merge_n_files(out_fd, 2, in_filenames, TRUE, &err); } } @@ -990,7 +991,6 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) { wtap_strerror(err)); if (rfcode != NULL) dfilter_free(rfcode); - g_free(cf_merged_name); return; } @@ -1000,14 +1000,13 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) { window_destroy(GTK_WIDGET (fs)); /* Try to open the merged capture file. */ - if ((err = cf_open(cf_merged_name, TRUE /* temporary file */, &cfile)) != 0) { + if ((err = cf_open(tmpname, TRUE /* temporary file */, &cfile)) != 0) { /* We couldn't open it; don't dismiss the open dialog box, just leave it around so that the user can, after they dismiss the alert box popped up for the open error, try again. */ if (rfcode != NULL) dfilter_free(rfcode); - g_free(cf_merged_name); return; } @@ -1030,18 +1029,15 @@ file_merge_ok_cb(GtkWidget *w, gpointer fs) { capture file has been closed - just free the capture file name string and return (without changing the last containing directory). */ - g_free(cf_merged_name); return; } /* Save the name of the containing directory specified in the path name, if any; we can write over cf_merged_name, which is a good thing, given that "get_dirname()" does write over its argument. */ - s = get_dirname(cf_merged_name); + s = get_dirname(tmpname); set_last_open_dir(s); gtk_widget_grab_focus(packet_list); - - g_free(cf_merged_name); } static void diff --git a/gtk/main.c b/gtk/main.c index c83df15e93..592903b8c6 100644 --- a/gtk/main.c +++ b/gtk/main.c @@ -1,6 +1,6 @@ /* main.c * - * $Id: main.c,v 1.448 2004/06/29 03:27:51 jmayer Exp $ + * $Id: main.c,v 1.449 2004/06/29 20:59:24 ulfl Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1294,35 +1294,33 @@ dnd_uri2filename(gchar *cf_name) static void dnd_merge_files(int in_file_count, char **in_filenames) { - gchar *cf_merged_name; + int out_fd; gboolean merge_ok; int err; + char tmpname[128+1]; - /*XXX should use temp file stuff in util routines? */ - cf_merged_name = g_strdup(tmpnam(NULL)); + out_fd = create_tempfile(tmpname, sizeof tmpname, "ether"); /* merge the files in chonological order */ - merge_ok = merge_n_files(cf_merged_name, in_file_count, in_filenames, FALSE, &err); + merge_ok = merge_n_files(out_fd, in_file_count, in_filenames, FALSE, &err); if(!merge_ok) { /* merge failed */ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "An error occurred while merging the files: \"%s\".", wtap_strerror(err)); - g_free(cf_merged_name); return; } cf_close(&cfile); /* Try to open the merged capture file. */ - if ((err = cf_open(cf_merged_name, TRUE /* temporary file */, &cfile)) != 0) { + if ((err = cf_open(tmpname, TRUE /* temporary file */, &cfile)) != 0) { /* We couldn't open it; don't dismiss the open dialog box, just leave it around so that the user can, after they dismiss the alert box popped up for the open error, try again. */ - g_free(cf_merged_name); return; } @@ -1340,13 +1338,10 @@ dnd_merge_files(int in_file_count, char **in_filenames) capture file has been closed - just free the capture file name string and return (without changing the last containing directory). */ - g_free(cf_merged_name); return; } gtk_widget_grab_focus(packet_list); - - g_free(cf_merged_name); } /* open/merge the dnd file */ @@ -1,6 +1,6 @@ /* Combine two dump files, either by appending or by merging by timestamp * - * $Id: merge.c,v 1.5 2004/06/21 16:45:06 ulfl Exp $ + * $Id: merge.c,v 1.6 2004/06/29 20:59:23 ulfl Exp $ * * Written by Scott Renfro <scott@renfro.org> based on * editcap by Richard Sharpe and Guy Harris @@ -55,8 +55,8 @@ write_frame(wtap *wth, merge_out_file_t *out_file, int *err) if (!wtap_dump(out_file->pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth), err)) { if (merge_verbose == VERBOSE_ERRORS) - fprintf(stderr, "mergecap: Error writing to %s: %s\n", - out_file->filename, wtap_strerror(*err)); + fprintf(stderr, "mergecap: Error writing to outfile: %s\n", + wtap_strerror(*err)); return FALSE; } @@ -102,8 +102,8 @@ merge_append_files(int count, merge_in_file_t in_files[], merge_out_file_t *out_ for (i = 0; i < count; i++) { if (!append_loop(in_files[i].wth, 0, out_file, err, &err_info)) { if (merge_verbose == VERBOSE_ERRORS) - fprintf(stderr, "mergecap: Error appending %s to %s: %s\n", - in_files[i].filename, out_file->filename, wtap_strerror(*err)); + fprintf(stderr, "mergecap: Error appending %s to outfile: %s\n", + in_files[i].filename, wtap_strerror(*err)); switch (*err) { case WTAP_ERR_UNSUPPORTED: @@ -248,8 +248,8 @@ merge_close_outfile(merge_out_file_t *out_file) int err; if (!wtap_dump_close(out_file->pdh, &err)) { if (merge_verbose == VERBOSE_ERRORS) - fprintf(stderr, "mergecap: Error closing file %s: %s\n", - out_file->filename, wtap_strerror(err)); + fprintf(stderr, "mergecap: Error closing output file: %s\n", + wtap_strerror(err)); } } @@ -269,16 +269,12 @@ merge_open_outfile(merge_out_file_t *out_file, int snapshot_len, int *err) return FALSE; } - /* Allow output to stdout by using - */ - if (strncmp(out_file->filename, "-", 2) == 0) - out_file->filename = ""; - - out_file->pdh = wtap_dump_open(out_file->filename, out_file->file_type, + out_file->pdh = wtap_dump_fdopen(out_file->fd, out_file->file_type, out_file->frame_type, snapshot_len, err); if (!out_file->pdh) { if (merge_verbose == VERBOSE_ERRORS) { - fprintf(stderr, "mergecap: Can't open/create %s:\n", out_file->filename); + fprintf(stderr, "mergecap: Can't open/create output file:\n"); fprintf(stderr, " %s\n", wtap_strerror(*err)); } return FALSE; @@ -379,7 +375,7 @@ merge_open_in_files(int in_file_count, char *in_file_names[], merge_in_file_t *i * Convenience function: merge two files into one. */ gboolean -merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboolean do_append, int *err) +merge_n_files(int out_fd, int in_file_count, char **in_filenames, gboolean do_append, int *err) { extern char *optarg; extern int optind; @@ -388,7 +384,7 @@ merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboole gboolean ret; /* initialize out_file */ - out_file.filename = out_filename; + out_file.fd = out_fd; out_file.pdh = NULL; /* wiretap dumpfile */ out_file.file_type = WTAP_FILE_PCAP; /* default to "libpcap" */ out_file.frame_type = -2; /* leave type alone */ @@ -2,7 +2,7 @@ * Definitions for menu routines with toolkit-independent APIs but * toolkit-dependent implementations. * - * $Id: merge.h,v 1.3 2004/06/21 16:45:06 ulfl Exp $ + * $Id: merge.h,v 1.4 2004/06/29 20:59:23 ulfl Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -46,7 +46,7 @@ typedef struct merge_in_file_s { * Structures to manage our output file. */ typedef struct merge_out_file_s { - const char *filename; + int fd; wtap_dumper *pdh; int file_type; int frame_type; @@ -152,7 +152,7 @@ merge_append_files(int in_file_count, merge_in_file_t in_files[], merge_out_file * @return TRUE if function succeeded */ extern gboolean -merge_n_files(char *out_filename, int in_file_count, char **in_filenames, gboolean do_append, int *err); +merge_n_files(int out_fd, int in_file_count, char **in_filenames, gboolean do_append, int *err); #ifdef __cplusplus diff --git a/mergecap.c b/mergecap.c index 16365786c7..8038e70fb4 100644 --- a/mergecap.c +++ b/mergecap.c @@ -1,6 +1,6 @@ /* Combine two dump files, either by appending or by merging by timestamp * - * $Id: mergecap.c,v 1.21 2004/06/18 10:01:59 ulfl Exp $ + * $Id: mergecap.c,v 1.22 2004/06/29 20:59:23 ulfl Exp $ * * Written by Scott Renfro <scott@renfro.org> based on * editcap by Richard Sharpe and Guy Harris @@ -33,6 +33,14 @@ #include "cvsversion.h" #include "merge.h" +#ifdef HAVE_IO_H +# include <io.h> +#endif + +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + /* * Show the usage @@ -82,9 +90,10 @@ main(int argc, char *argv[]) merge_in_file_t *in_files = NULL; merge_out_file_t out_file; int err; + char *out_filename; /* initialize out_file */ - out_file.filename = NULL; + out_file.fd = 0; out_file.pdh = NULL; /* wiretap dumpfile */ out_file.file_type = WTAP_FILE_PCAP; /* default to "libpcap" */ out_file.frame_type = -2; /* leave type alone */ @@ -98,7 +107,7 @@ main(int argc, char *argv[]) switch (opt) { case 'w': - out_file.filename = optarg; + out_filename = optarg; break; case 'a': @@ -159,7 +168,7 @@ main(int argc, char *argv[]) * filename and one input file */ in_file_count = argc - optind; - if (!out_file.filename) { + if (!out_filename) { fprintf(stderr, "mergecap: an output filename must be set with -w\n"); fprintf(stderr, " run with -h for help\n"); exit(1); @@ -177,6 +186,19 @@ main(int argc, char *argv[]) out_file.frame_type = merge_select_frame_type(in_file_count, in_files); /* open the outfile */ + if (strncmp(out_filename, "-", 2) == 0) { + /* use stdout as the outfile */ + out_file.fd = 1 /*stdout*/; + } else { + /* open the outfile */ + out_file.fd = open(out_filename, O_BINARY | O_WRONLY); + } + if(out_file.fd == -1) { + fprintf(stderr, "mergecap: couldn't open output file\n"); + exit(1); + } + + /* prepare the outfile */ if (!merge_open_outfile(&out_file, merge_max_snapshot_length(in_file_count, in_files), &err)) { merge_close_in_files(in_file_count, in_files); exit(1); |