What is the security hole in tmpfile and how does tmpfile_s solve it?

有帮助吗?

解决方案

In this case, it appears to fall under the "Enhanced error reporting" category of upgrades to the Windows CRT. In this case, it basically means that it will return a status value and fill out a pre-given FILE pointer, rather than just returning a FILE pointer.

I doubt there was actually a security flaw with tmpfile, more that Microsoft were bringing the implementation of it to the same standards as other functions in their CRT without breaking API compatibility with a standard CRT, as described here: http://msdn.microsoft.com/en-us/library/8ef0s5kh.aspx.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top