Date: 4 Nov 2004 08:10:18 -0000
Message-ID: <20041104081018.10684.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 30385] - the use of `tmpnam' is dangerous, better use `mkstemp'

http://issues.apache.org/bugzilla/show_bug.cgi?id=30385

the use of `tmpnam' is dangerous, better use `mkstemp'

------- Additional Comments From jorton@redhat.com 2004-11-04 08:10 -------
./modules/ldap/util_ldap.c:    st->lock_file = ap_server_root_relative(st->pool, tmpnam(NULL));

it may be safe but it's totally wacky since tmpnam returns filenames with a /tmp prefix.
The APR tmpfile interface should be used instead.
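The difference the bug title points at, as an added example that is not code from httpd, APR or this bug report: it uses POSIX mkstemp() (the call named in the title, not the APR tmpfile interface the comment recommends) to create the lock file inside a chosen directory and then checks the result through the descriptor. The helper names, the "ldap-cache" prefix and the /tmp default are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L /* exposes mkstemp() under strict -std modes */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a uniquely named lock file inside `dir`.
 * Returns an open descriptor and leaves the name in `path`, or returns -1. */
int create_lock_file(const char *dir, char *path, size_t pathlen)
{
    int n = snprintf(path, pathlen, "%s/ldap-cache.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* mkstemp() chooses the name and opens it with O_CREAT|O_EXCL in one
     * call, so a file or symlink planted at that name is never opened.
     * tmpnam() only returns a string; the later open is a separate step. */
    int fd = mkstemp(path);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) { /* some old libcs used 0666 */
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* 1 if `fd` is a regular file owned by us, closed to group/other, and
 * `path` still names that same inode (not swapped for a link); else 0. */
int lock_file_is_private(int fd, const char *path)
{
    struct stat by_fd, by_name;
    if (fstat(fd, &by_fd) != 0 || lstat(path, &by_name) != 0)
        return 0;
    return S_ISREG(by_fd.st_mode) && by_fd.st_uid == geteuid()
        && (by_fd.st_mode & (S_IRWXG | S_IRWXO)) == 0
        && by_fd.st_dev == by_name.st_dev && by_fd.st_ino == by_name.st_ino;
}

int main(int argc, char **argv)
{
    char path[4096];
    int fd = create_lock_file(argc > 1 ? argv[1] : "/tmp", path, sizeof path);
    if (fd < 0) { perror("create_lock_file"); return 1; }
    printf("%s private=%d\n", path, lock_file_is_private(fd, path));
    close(fd);
    return unlink(path) != 0;
}
```

Because the directory is a parameter, the caller decides where the lock file lives instead of inheriting the /tmp prefix that tmpnam() bakes into its result.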