You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cocoon.apache.org by bu...@apache.org on 2003/11/04 18:16:07 UTC

DO NOT REPLY [Bug 24401] New: - Slight improvement to temporary file creation in servlet.multipart.MultipartParser.java

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24401>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24401

Slight improvement to temporary file creation in servlet.multipart.MultipartParser.java

           Summary: Slight improvement to temporary file creation in
                    servlet.multipart.MultipartParser.java
           Product: Cocoon 2
           Version: 2.1.2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: core
        AssignedTo: dev@cocoon.apache.org
        ReportedBy: swhite@decisionsoft.com


The temporary file creation is theoretically raceable, which could be an issue
if people are using the directory specified by java.io.tmpdir or other shared
temporary directories (which isn't recommended).

I'm particually interested in this since the servlet.multipart package is useful
to lots of servlets .. not just to cocoon itself.

Anyway I've produced a very trivial patch which uses Java's 'createNewFile'
method.  This is specified to atomically create a new file IFF one doesn't
already exist, and so should therefore be safer WRT to races (I suspect it's
still raceble on NFS, but ought to be secure on most filesystems).