nsXIEngine.cpp uses tempnam instead of mkstemp

RESOLVED FIXED in mozilla1.3beta

Status

Core Graveyard
Installer: XPInstall Engine
--
major
RESOLVED FIXED
15 years ago
2 years ago

People

(Reporter: Justin Kirby, Assigned: dveditz)

Tracking

Trunk
mozilla1.3beta
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

15 years ago
xpinstall/wizard/unix/src2/nsXIEngine.cpp:553

this uses the tempnam function which is deemed unacceptable by gcc3.2 and causes
gcc to exit. The solution is to use the recommendation and change to mkstemp

mTmp = tempnam( (const char *) NULL, "xpi" );

to

mTmp = mkstemp("xpi" );
(Assignee)

Comment 1

15 years ago
Before we could change the install code we'd have to make sure all the other
unixes support mkstemp, or change autoconf to check for support so we can ifdef it.
Assignee: dveditz → seawood
Status: UNCONFIRMED → NEW
Component: Installer: XPInstall Engine → Build Config
Ever confirmed: true
QA Contact: jimmylee → granrose
The only unices that we build the installer for are solaris & linux and both of
these support mkstemp.  Adding a mkstemp autoconf check (via AC_CHECK_FUNCS) is
fairly simple if you still want to do this so that other OSes can build the
installer via --enable-installer.


Assignee: seawood → dveditz
Component: Build Config → Installer: XPInstall Engine
QA Contact: granrose → jimmylee

Comment 3

15 years ago
This is not just a compilation issue (gcc complains), but also a security issue
(tempnam creates predictable names).
Created attachment 108298 [details] [diff] [review]
patch
Attachment #108298 - Attachment is obsolete: true

Comment 5

15 years ago
Comment on attachment 108298 [details] [diff] [review]
patch

This should probably be something along the lines of

mkstemp("/tmp/xpi.XXXXXX")
Actually, it turns out that mkstemp isn't a drop in replacement for tempnam.  It
returns a file descriptor not the name of a file.  mkdtemp is what we really
want but that's not available under glibc 2.1 or solaris.  
Created attachment 108314 [details] [diff] [review]
v1.1
Created attachment 108334 [details] [diff] [review]
v1.2
Attachment #108314 - Attachment is obsolete: true
Attachment #108334 - Flags: superreview?(dveditz)
Attachment #108334 - Flags: review?(syd)

Updated

15 years ago
Attachment #108334 - Flags: review?(syd) → review+
(Assignee)

Updated

15 years ago
Attachment #108334 - Flags: superreview?(dveditz) → superreview+
Patch has been checked in.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.3beta
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.