C Function Tmpnam
## C Library Function - `tmpnam()`
The `tmpnam()` function is a built-in function in the C standard library (``) used to generate a unique, valid temporary filename that does not conflict with any existing file in the filesystem.
---
## Description
The `tmpnam()` function generates a unique string that can safely be used as a filename for a temporary file.
* If you pass a character array (buffer) as an argument, the generated filename is copied into this buffer, and a pointer to it is returned.
* If you pass `NULL` as the argument, the function generates the filename in an internal static buffer and returns a pointer to this buffer. Subsequent calls to `tmpnam()` will overwrite this internal buffer.
> **Note:** `tmpnam()` only generates a *filename* string; it does not actually create or open the file. You must open the file yourself using functions like `fopen()`.
---
## Declaration
The prototype for the `tmpnam()` function defined in the `` header is:
```c
char *tmpnam(char *str);
```
---
## Parameters
* **`str`**: A pointer to a character array (buffer) where the temporary filename will be stored as a null-terminated C string.
* To prevent buffer overflow, this array should be at least `L_tmpnam` characters in size. `L_tmpnam` is a macro defined in ``.
* If this parameter is `NULL`, the function uses an internal static buffer.
---
## Return Value
* **On Success**:
* If `str` is not `NULL`, the function returns `str` containing the unique filename.
* If `str` is `NULL`, the function returns a pointer to an internal static buffer containing the unique filename.
* **On Failure**: Returns `NULL` if a unique filename cannot be generated.
---
## Constants
The `` header defines two important macros related to `tmpnam()`:
| Macro | Description |
| :--- | :--- |
| `L_tmpnam` | An integer constant representing the minimum size of the character array needed to safely store the filename generated by `tmpnam()`. |
| `TMP_MAX` | The maximum number of unique filenames that `tmpnam()` is guaranteed to generate during the lifetime of a program. |
---
## Code Example
The following example demonstrates how to use `tmpnam()` both with a user-allocated buffer and with a `NULL` pointer.
```c
#include
int main()
{
// Buffer size allocated using the standard L_tmpnam macro
char buffer;
char *ptr;
// Method 1: Pass a pre-allocated buffer
tmpnam(buffer);
printf("Temporary name 1: %s\n", buffer);
// Method 2: Pass NULL to use the internal static buffer
ptr = tmpnam(NULL);
printf("Temporary name 2: %s\n", ptr);
return 0;
}
```
### Output
When you compile and run the program, it will produce output similar to the following (the exact path and filename will vary depending on the operating system and environment):
```text
Temporary name 1: /tmp/filebaalTb
Temporary name 2: /tmp/filedCIbb0
```
---
## Important Considerations & Security Warnings
While `tmpnam()` is part of the standard C library, it is **highly discouraged** in modern, secure software development due to inherent security vulnerabilities.
### 1. Time-of-Check to Time-of-Use (TOCTOU) Race Condition
Because `tmpnam()` only *generates* a filename but does not *create* the file, there is a time gap between when the name is generated and when your program actually opens the file (e.g., via `fopen()`). During this brief window, a malicious process could create a file or a symbolic link with the exact same name. This can lead to:
* **Denial of Service (DoS)**: Your program fails to open the file.
* **Privilege Escalation / Data Hijacking**: Your program writes sensitive data into a file controlled by another user.
### 2. Thread Safety
Calling `tmpnam(NULL)` uses an internal static buffer. This makes the function **not thread-safe**, as multiple threads calling `tmpnam(NULL)` concurrently will overwrite each other's data.
### Recommended Alternatives
If you are writing modern C applications, consider using the following safer alternatives:
* **`tmpfile()` (Standard C)**: Automatically creates, opens, and returns a pointer to a unique temporary file (`FILE *`). The file is automatically deleted when it is closed or when the program terminates.
* **`mkstemp()` (POSIX)**: Generates a unique filename from a template, opens the file immediately with secure permissions, and returns a file descriptor. This eliminates the TOCTOU race condition.
YouTip