Hi David,

David Sommerseth wrote:
> +    }
> +  while (attempts < 6);
>  
> -  return gen_path (directory, BSTR (&fname), gc);
> +  msg (M_FATAL, "Failed to create temporary file after %i attempts", 
> attempts);
> +  return NULL;
>  }
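
Review bot: the `return NULL;` that follows `msg (M_FATAL, ...)` at the end of the function can only execute if the fatal message call returns; if it terminates the process, the NULL return is dead code and no caller will ever see it. Consider logging this last failure at a non-fatal level so the `return NULL;` is actually reached and the caller decides how to proceed. Separately, the literal `6` in `while (attempts < 6)` would be clearer as a named constant, so the retry limit and the count printed in the message cannot drift apart.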

I noticed something else ... if - hypothetically - someone manages to
guess our file names 5 times in a row, we abort the OpenVPN process.
Maybe that's a bit drastic?

If I understand M_FATAL correctly, msg() doesn't even return.  So
effectively, the create_temp_file() function never returns NULL, because
all error cases are currently fatal.

As you've apparently prepared the code for the NULL case in your 2/3
patch, I would suggest a non-fatal error code for at least the last case.

Cheers
Fabian
