You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@stdcxx.apache.org by "Scott (Yu) Zhong (JIRA)" <ji...@apache.org> on 2008/10/08 18:13:44 UTC
[jira] Created: (STDCXX-1019) __rw_mkstemp in file.cpp should honor
TMPDIR environment variable
__rw_mkstemp in file.cpp should honor TMPDIR environment variable
-----------------------------------------------------------------
Key: STDCXX-1019
URL: https://issues.apache.org/jira/browse/STDCXX-1019
Project: C++ Standard Library
Issue Type: Sub-task
Components: 20. General Utilities
Affects Versions: 4.2.1
Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
Reporter: Scott (Yu) Zhong
Fix For: 4.3.0
TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-1019) __rw_mkstemp in file.cpp should honor
TMPDIR environment variable
Posted by "Scott (Yu) Zhong (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott (Yu) Zhong updated STDCXX-1019:
-------------------------------------
Attachment: STDCXX-1019.patch
patch
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Attachments: STDCXX-1019.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (STDCXX-1019) __rw_mkstemp in file.cpp should
honor TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12644427#action_12644427 ]
Martin Sebor commented on STDCXX-1019:
--------------------------------------
I'm afraid the attached patch isn't quite safe.
{noformat}
Index: file.cpp
===================================================================
--- file.cpp (revision 702657)
+++ file.cpp (working copy)
@@ -42,6 +42,7 @@
#include <stdio.h> // for P_tmpdir, std{err,in,out}, tmpnam()
#include <stdlib.h> // for mkstemp(), strtoul(), size_t
#include <ctype.h> // for isalpha(), isspace(), toupper()
+#include <string.h> // for memcpy()
#if defined (_WIN32) && !defined (__CYGWIN__)
@@ -58,6 +59,9 @@
# define _BINARY 0
#endif
+#ifndef PATH_MAX
+# define PATH_MAX 1024
+#endif
#include <rw/_file.h>
#include <rw/_defs.h>
@@ -257,8 +261,18 @@
# define P_tmpdir "/tmp"
# endif // P_tmpdir
- char fnamebuf[] = P_tmpdir "/.rwtmpXXXXXX";
+ const char *tmpdir = getenv ("TMPDIR");
+ if (tmpdir == NULL) {
+ tmpdir = P_tmpdir;
+ }
+ char fnamebuf [PATH_MAX];
+
+ size_t len = strlen (tmpdir) - 1;
+
+ memcpy (fnamebuf, tmpdir, len);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
{noformat}
There's no guarantee that the string fits in the provided buffer, i.e., that {{(len + sizeof "/.rwtmpXXXXXX" < sizeof fnamebuf)}}. A buffer overflow here would open up a security hole. The best way to handle this case is to fail.
{noformat}
+ memcpy (fnamebuf+len, "/.rwtmpXXXXXX", sizeof ("/.rwtmpXXXXXX"));
^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^
+
{noformat}
We should avoid the string duplication here to eliminate possible mismatches in future changes. Defining a local (static) constant for the string would be one way to avoid the duplication.
{noformat}
fd = mkstemp (fnamebuf);
if (fd >= 0)
@@ -294,7 +308,7 @@
// names that have no extension. tempnam uses malloc to allocate
// space for the filename; the program is responsible for freeing
// this space when it is no longer needed.
- char* const fname = tempnam (P_tmpdir, ".rwtmp");
+ char* const fname = tempnam (tmpdir, ".rwtmp");
if (!fname)
return -1;
{noformat}
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Attachments: STDCXX-1019.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (STDCXX-1019) __rw_mkstemp in file.cpp should
honor TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Sebor reassigned STDCXX-1019:
------------------------------------
Assignee: Martin Sebor
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 20. General Utilities
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.3.0
>
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (STDCXX-1019) __rw_mkstemp in file.cpp
should honor TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12641268#action_12641268 ]
sebor edited comment on STDCXX-1019 at 10/20/08 10:03 PM:
-----------------------------------------------------------------
Will fix in 4.2.2 (patch available in this [post|http://markmail.org/message/o3k64bxo2addkghp]).
Set Component to Input/Output.
was (Author: sebor):
Will fix in 4.2.2.
Set Component to Input/Output.
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (STDCXX-1019) __rw_mkstemp in file.cpp should
honor TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Sebor resolved STDCXX-1019.
----------------------------------
Resolution: Fixed
Fixed in [r709784|http://svn.apache.org/viewvc?rev=709784&view=rev].
Will close after adding a test.
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Attachments: STDCXX-1019.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-1019) __rw_mkstemp in file.cpp should honor
TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Sebor updated STDCXX-1019:
---------------------------------
Patch Info: [Patch Available]
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (STDCXX-1019) __rw_mkstemp in file.cpp should
honor TMPDIR environment variable
Posted by "Scott (Yu) Zhong (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12639453#action_12639453 ]
Scott (Yu) Zhong commented on STDCXX-1019:
------------------------------------------
There are two different file that happens to have the same name that are affected by my patch. One resides under <stdcxx>/src/file.cpp and the other is <stdcxx>/tests/src/file.cpp. This issue affects the former.
http://svn.apache.org/repos/asf/stdcxx/branches/4.2.x/src/file.cpp
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 20. General Utilities
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Fix For: 4.3.0
>
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (STDCXX-1019) __rw_mkstemp in file.cpp should honor
TMPDIR environment variable
Posted by "Martin Sebor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Sebor updated STDCXX-1019:
---------------------------------
Component/s: (was: 20. General Utilities)
27. Input/Output
Fix Version/s: (was: 4.3.0)
4.2.2
Remaining Estimate: 1h
Original Estimate: 1h
Will fix in 4.2.2.
Set Component to Input/Output.
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (STDCXX-1019) __rw_mkstemp in file.cpp
should honor TMPDIR environment variable
Posted by "Scott (Yu) Zhong (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/STDCXX-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643232#action_12643232 ]
scottz edited comment on STDCXX-1019 at 10/28/08 8:20 AM:
--------------------------------------------------------------------
patch available in the file attachment part of this bug.
was (Author: scottz):
patch
> __rw_mkstemp in file.cpp should honor TMPDIR environment variable
> -----------------------------------------------------------------
>
> Key: STDCXX-1019
> URL: https://issues.apache.org/jira/browse/STDCXX-1019
> Project: C++ Standard Library
> Issue Type: Sub-task
> Components: 27. Input/Output
> Affects Versions: 4.2.1
> Environment: SunOS clue 5.10 Generic_118833-33 sun4u sparc SUNW,Sun-Fire-V215
> CC: Sun C++ 5.9 SunOS_sparc 2007/05/03
> Reporter: Scott (Yu) Zhong
> Assignee: Martin Sebor
> Fix For: 4.2.2
>
> Attachments: STDCXX-1019.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> TMPDIR should be honored in the internal function __rw_mkstemp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.