#20768 [NEW]: MySql temp file error

Mon, 02 Dec 2002 11:20:45 -0800 

From:             [EMAIL PROTECTED]
Operating system: Debian 3.0 Stable / Sparc
PHP version:      4.3.0RC2
PHP Bug Type:     Compile Failure
Bug description:  MySql temp file error

When building 4.3.0RC2 against apache 1.3.26 DSO  I get an error stating
that usage of tempnam() is insecure - line 103 of
ext/mysql/libmysql/my_tempnam.c

I replaced line 103 with the following code, which builds and should
function identically.

/* filespec will be dir + '/' + pfx + 'XXXXXX' + null */
res = malloc(strlen(dir) + strlen(pfx) + 8);
res[0] = '\0';
strcat(res, dir);
strcat(res, "/");
strcat(res, pfx);
strcat(res, "XXXXXX");
mkstemp(res);
/* res=tempnam((char *)dir, (my_string) pfx); */

Someone who knows the mysql code should check this if it's not a local
build problem on my end.

Other details:

Linux Kernel 2.4.18 / sparc64
libc6 2.2.5-11.2
gcc 2.95.4 20011002 (Debian prerelease)

./configure  --with-mysql --with-apxs --prefix=/usr --sysconfdir=/etc
--localstatedir=/var/php --with-zlib --with-dom  --with-gd --with-mysql
--enable-sockets --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib
--with-xpm-dir=/usr/X11R6/lib --with-freetype-dir=/usr/lib
-- 
Edit bug report at http://bugs.php.net/?id=20768&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20768&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20768&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20768&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20768&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20768&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20768&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20768&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20768&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20768&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20768&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20768&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20768&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20768&r=isapi

Reply via email to