Closed Bug 173178 Opened 22 years ago Closed 22 years ago

nsXIEngine.cpp uses tempnam instead of mkstemp

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect)

Product:
Core Graveyard
Component:
Installer: XPInstall Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.3beta

People

(Reporter: justink, Assigned: dveditz)

References

(
URL
)

Details

Attachments

(1 file, 2 obsolete files)

v1.2
1.28 KB, patch
slogan
: review+
dveditz
: superreview+
Details | Diff | Splinter Review 
xpinstall/wizard/unix/src2/nsXIEngine.cpp:553

this uses the tempnam function which is deemed unacceptable by gcc3.2 and causes
gcc to exit. The solution is to use the recommendation and change to mkstemp

mTmp = tempnam( (const char *) NULL, "xpi" );

to

mTmp = mkstemp("xpi" );
Before we could change the install code we'd have to make sure all the other
unixes support mkstemp, or change autoconf to check for support so we can ifdef it.
Assignee: dveditz → seawood
Status: UNCONFIRMED → NEW
Component: Installer: XPInstall Engine → Build Config
Ever confirmed: true
QA Contact: jimmylee → granrose
The only unices that we build the installer for are solaris & linux and both of
these support mkstemp.  Adding a mkstemp autoconf check (via AC_CHECK_FUNCS) is
fairly simple if you still want to do this so that other OSes can build the
installer via --enable-installer.
Assignee: seawood → dveditz
Component: Build Config → Installer: XPInstall Engine
QA Contact: granrose → jimmylee
This is not just a compilation issue (gcc complains), but also a security issue
(tempnam creates predictable names).
URL: http://lxr.mozilla.org/mozilla/search...
Attachment #108298 - Attachment is obsolete: true
Comment on attachment 108298 [details] [diff] [review]
patch

This should probably be something along the lines of

mkstemp("/tmp/xpi.XXXXXX")
Actually, it turns out that mkstemp isn't a drop in replacement for tempnam.  It
returns a file descriptor not the name of a file.  mkdtemp is what we really
want but that's not available under glibc 2.1 or solaris.
Attached patch v1.1 (obsolete) — Splinter Review 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1.2Splinter Review
      

    


  

        Attachment #108314 -
        Attachment is obsolete: true

        Attachment #108334 -
        Flags: superreview?(dveditz)

        Attachment #108334 -
        Flags: review?(syd)

    
  

        Attachment #108334 -
        Flags: review?(syd) → review+

    
  

        Attachment #108334 -
        Flags: superreview?(dveditz) → superreview+

    
    

    
  
Patch has been checked in.

Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.3beta
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: