Title: [164179] trunk/Source/WebKit2
Revision
164179
Author
[email protected]
Date
2014-02-15 13:15:49 -0800 (Sat, 15 Feb 2014)

Log Message

[EFL][WK2] Stop calling mktemp(3).
https://bugs.webkit.org/show_bug.cgi?id=128826

Reviewed by Gyuyoung Kim.

mktemp(3) is an insecure function and should be avoided at all costs.
Replace its usage with mkdtemp(3): instead of just getting a file name
that is supposed to be random and unused, we now create a directory
with a random name and then put whatever files we need there with fixed
names.

* UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp:
(TEST_F):
* UIProcess/API/efl/tests/test_ewk2_download_job.cpp:
(TEST_F):

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (164178 => 164179)


--- trunk/Source/WebKit2/ChangeLog	2014-02-15 19:45:54 UTC (rev 164178)
+++ trunk/Source/WebKit2/ChangeLog	2014-02-15 21:15:49 UTC (rev 164179)
@@ -1,3 +1,21 @@
+2014-02-15  Raphael Kubo da Costa  <[email protected]>
+
+        [EFL][WK2] Stop calling mktemp(3).
+        https://bugs.webkit.org/show_bug.cgi?id=128826
+
+        Reviewed by Gyuyoung Kim.
+
+        mktemp(3) is an insecure function and should be avoided at all costs.
+        Replace its usage with mkdtemp(3): instead of just getting a file name
+        that is supposed to be random and unused, we now create a directory
+        with a random name and then put whatever files we need there with fixed
+        names.
+
+        * UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp:
+        (TEST_F):
+        * UIProcess/API/efl/tests/test_ewk2_download_job.cpp:
+        (TEST_F):
+
 2014-02-15  Dan Bernstein  <[email protected]>
 
         Stop using PLATFORM(MAC) in WebKit2/UIProcess except where it means “OS X but not iOS”

Modified: trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp (164178 => 164179)


--- trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp	2014-02-15 19:45:54 UTC (rev 164178)
+++ trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp	2014-02-15 21:15:49 UTC (rev 164179)
@@ -22,6 +22,7 @@
 
 #include "UnitTestUtils/EWK2UnitTestBase.h"
 #include "UnitTestUtils/EWK2UnitTestServer.h"
+#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -199,10 +200,12 @@
     ewk_cookie_manager_changes_watch(cookieManager, onCookiesChanged, &cookiesChanged);
 
     // Make sure we don't get notifications when loading setting an existing persistent storage
-    char textStorage1[] = "/tmp/txt-cookie.XXXXXX";
-    ASSERT_TRUE(mktemp(textStorage1));
-    char textStorage2[] = "/tmp/txt-cookie.XXXXXX";
-    ASSERT_TRUE(mktemp(textStorage2));
+    char storageDirectory[] = "/tmp/ewk2_cookie_manager-XXXXXX";
+    ASSERT_TRUE(mkdtemp(storageDirectory));
+    char textStorage1[64];
+    snprintf(textStorage1, sizeof(textStorage1), "%s/txt-cookie1", storageDirectory);
+    char textStorage2[64];
+    snprintf(textStorage2, sizeof(textStorage2), "%s/txt-cookie2", storageDirectory);
 
     ewk_cookie_manager_persistent_storage_set(cookieManager, textStorage1, EWK_COOKIE_PERSISTENT_STORAGE_TEXT);
     ASSERT_TRUE(loadUrlSync(httpServer->getURLForPath("/index.html").data()));
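Review bot: The `textStorage1`/`textStorage2` buffers are sized with a bare `64` and both `snprintf()` results are discarded, so a later change to the template or the file names could silently truncate the path and point the test at a different file. Today's strings fit well within 64 bytes, so this is a robustness point, not a live bug. Deriving the size from the inputs removes the coupling, e.g. `char textStorage1[sizeof(storageDirectory) + sizeof("/txt-cookie1")];`. Alternatively, assert that the `snprintf()` return value is non-negative and less than `sizeof(textStorage1)`. The same pattern recurs in the later cookie-manager hunk (`textStorage`/`sqliteStorage`) and in test_ewk2_download_job.cpp (`destinationPath`).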
@@ -221,6 +224,7 @@
     ewk_cookie_manager_changes_watch(cookieManager, 0, 0);
     unlink(textStorage1);
     unlink(textStorage2);
+    rmdir(storageDirectory);
 }
 
 TEST_F(EWK2CookieManagerTest, ewk_cookie_manager_cookies_delete)
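Review bot: The added `rmdir(storageDirectory)` is only reached when the test runs to its last line. Any fatal `ASSERT_*` between the `mkdtemp()` call and this point returns from the test body and leaves the directory and its files behind in /tmp. The test body starts outside this hunk, so the intermediate assertions are only partly visible here. Tying the cleanup to scope, or to the fixture's TearDown if it has one, keeps repeated failing runs from accumulating `ewk2_cookie_manager-*` directories. The same applies to the trailing cleanup in the last cookie-manager hunk and in test_ewk2_download_job.cpp.

```cpp
// Declared right after the storage paths are built, replacing the trailing
// unlink()/rmdir() calls; runs on early return from a fatal ASSERT_* as well.
struct StorageCleanup {
    const char* directory;
    const char* firstFile;
    const char* secondFile;
    ~StorageCleanup()
    {
        unlink(firstFile);
        unlink(secondFile);
        rmdir(directory);
    }
} storageCleanup = { storageDirectory, textStorage1, textStorage2 };
// … unchanged: rest of the test body …
```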
@@ -265,10 +269,12 @@
     httpServer->run(serverCallback);
 
     // Generate unique names for cookie storages.
-    char textStorage[] = "/tmp/txt-cookie.XXXXXX";
-    ASSERT_TRUE(mktemp(textStorage));
-    char sqliteStorage[] = "/tmp/sqlite-cookie.XXXXXX";
-    ASSERT_TRUE(mktemp(sqliteStorage));
+    char storageDirectory[] = "/tmp/ewk2_cookie_manager-XXXXXX";
+    ASSERT_TRUE(mkdtemp(storageDirectory));
+    char textStorage[64];
+    snprintf(textStorage, sizeof(textStorage), "%s/txt-cookie", storageDirectory);
+    char sqliteStorage[64];
+    snprintf(sqliteStorage, sizeof(sqliteStorage), "%s/sqlite-cookie", storageDirectory);
 
     Ewk_Cookie_Manager* cookieManager = ewk_context_cookie_manager_get(ewk_view_context_get(webView()));
     ASSERT_TRUE(cookieManager);
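Review bot: The retained comment `// Generate unique names for cookie storages.` no longer describes the code below it, since the file names are now fixed and only the directory is unique. It also omits why this is safe, which a later reader needs in order not to "simplify" it back to a predictable path. I would replace it with `// Create a private directory with mkdtemp(3) (mode 0700) and keep the cookie storages inside it under fixed names.` The download-job hunk removes its equivalent comment without a replacement and would benefit from the same one-line explanation.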
@@ -305,4 +311,5 @@
     // Final clean up.
     unlink(textStorage);
     unlink(sqliteStorage);
+    rmdir(storageDirectory);
 }
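Review bot: The result of `rmdir(storageDirectory)` is discarded, and `rmdir()` fails if anything other than the two unlinked files is still in the directory. If the SQLite-backed storage leaves a sidecar file next to `sqlite-cookie` (not visible in this hunk, so this is an assumption to confirm), the directory would be left in /tmp without any signal. A non-fatal check surfaces that: `EXPECT_EQ(0, rmdir(storageDirectory));`. The test body starts outside this hunk.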

Modified: trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_download_job.cpp (164178 => 164179)


--- trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_download_job.cpp	2014-02-15 19:45:54 UTC (rev 164178)
+++ trunk/Source/WebKit2/UIProcess/API/efl/tests/test_ewk2_download_job.cpp	2014-02-15 21:15:49 UTC (rev 164179)
@@ -29,6 +29,8 @@
 #include "UnitTestUtils/EWK2UnitTestServer.h"
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>
 
 using namespace EWK2UnitTest;
@@ -152,12 +154,13 @@
     std::unique_ptr<EWK2UnitTestServer> httpServer = std::make_unique<EWK2UnitTestServer>();
     httpServer->run(serverCallback);
 
-    // Generate unique name for destination file.
-    char destinationPath[] = "/tmp/pdf-file.XXXXXX";
-    ASSERT_TRUE(mktemp(destinationPath));
-
     CString fileUrl = httpServer->getURLForPath(testFilePath);
 
+    char destinationDirectory[] = "/tmp/ewk2_download_job-XXXXXX";
+    ASSERT_TRUE(mkdtemp(destinationDirectory));
+    char destinationPath[64];
+    snprintf(destinationPath, sizeof(destinationPath), "%s/pdf-file", destinationDirectory);
+
     DownloadTestData userData = { fileUrl.data(), destinationPath };
     ASSERT_FALSE(fileExists(destinationPath));
 
@@ -172,4 +175,5 @@
 
     // Clean up
     unlink(destinationPath);
+    rmdir(destinationDirectory);
 }