From hsu@mail.clinet.fi  Sun Sep 21 14:11:19 1997
Received: from hauki.clinet.fi (root@hauki.clinet.fi [194.100.0.1])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA17063
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 21 Sep 1997 14:11:16 -0700 (PDT)
Received: from katiska.clinet.fi (root@katiska.clinet.fi [194.100.0.4])
	by hauki.clinet.fi (8.8.6/8.8.6) with ESMTP id AAA07784
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Sep 1997 00:10:53 +0300 (EET DST)
Received: (root@localhost) by katiska.clinet.fi (8.8.7/8.6.4) id AAA14120; Mon, 22 Sep 1997 00:10:53 +0300 (EEST)
Message-Id: <199709212110.AAA14120@katiska.clinet.fi>
Date: Mon, 22 Sep 1997 00:10:53 +0300 (EEST)
From: Heikki Suonsivu <hsu@mail.clinet.fi>
Reply-To: hsu@mail.clinet.fi
To: FreeBSD-gnats-submit@freebsd.org
Subject: mktemp is too smart, accesses the path given
X-Send-Pr-Version: 3.2

>Number:         4599
>Category:       bin
>Synopsis:       mktemp is too smart, accesses the path given
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 21 14:20:01 PDT 1997
>Closed-Date:    Sun Jun 7 04:16:37 PDT 1998
>Last-Modified:  Mon Jun  8 10:40:02 PDT 1998
>Originator:     Heikki Suonsivu
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
Clinet, Espoo, Finland
>Environment:

FreeBSD, I think in all versions from at least 2.2.

>Description:

mktemp is supposed to randomize a given pathname by replacing X's in the
given string with process-specific numbers/data.  However, if the given
string does not point to a valid path, it returns NULL and botches the
argument string.  As it is supposed just to create a path name, this should
not happen ?

This breaks rdist6, which wants to create a temporary path and patch up
missing directories on the path afterwards.

>How-To-Repeat:

#include <stdio.h>
#include <string.h>

main()
{
	char foo[1024];

	strcpy(foo, "/some/unexistent/directoryXXXXXX");
	if (!mktemp(foo)) {
		perror(foo);
	}
	printf("foo become %s\n", foo);
}

hsu#katiska.clinet.fi Sun 10: ./hello
/some/unexistent: No such file or directory
foo become /some/unexistent
hsu#katiska.clinet.fi Sun 11:

>Fix:

Dirty workaround for rdist6 (server.c):

#if 0		
		if (!mktemp(new)) {
		  error("Cannot create temporary name, errno %d.", errno);
		}
#else
		{
		  char *p;
		  p = strstr(new, "XXXXXX");
		  if (p)
		    sprintf(p, "%6d", getpid() % 1000000);
		  else
		    error("Cannot create temporary name");
		}
#endif

-- 
Heikki Suonsivu, T{ysikuu 10 C 83/02210 Espoo/FINLAND, hsu@clinet.fi
mobile +358-40-5519679 work +358-9-43542270 fax -4555276
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: thepish 
State-Changed-When: Sun Jun 7 04:16:37 PDT 1998 
State-Changed-Why:  
Thanks. requested functionality was implemented (-current and -stable) with 
the implementation of mkdtemp(3) 

From: Bill Fenner <fenner@parc.xerox.com>
To: Heikki Suonsivu <hsu@clinet.fi>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/4599 
Date: Mon, 8 Jun 1998 10:36:40 PDT

 I dunno how relevant the Open Group's "Single UNIX  Specification,
 Version 2" is as a standards document, but it simply says that mktemp()
 takes an argument with 6 X's in it and replaces each X with a single
 byte character from the portable filename character set.
 
 It does say, however, "If a unique name cannot be created, [mktemp
 returns] a null string"; ("null string" means "", not NULL).  Although
 mktemp() clearly needs to read the directory in order to ensure that
 the name is unique, it's also fairly clear that if the directory
 doesn't exist then the name is unique.
 
   Bill
>Unformatted:
