httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 30385] - the use of `tmpnam' is dangerous, better use `mkstemp'
Date Thu, 04 Nov 2004 08:10:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30385>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30385

the use of `tmpnam' is dangerous, better use `mkstemp'





------- Additional Comments From jorton@redhat.com  2004-11-04 08:10 -------
./modules/ldap/util_ldap.c:            st->lock_file   =
ap_server_root_relative(st->pool, tmpnam(NULL));

it may be safe but it's totally wacky since tmpnam returns filenames with a /tmp
prefix.  The APR tmpfile interface should be used instead.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message