Hi, I found a similar issue in wml_contrib/wmg.cgi which we also install in our package:
369 $tmpfile = "/tmp/pe.tmp.$$";
370 unlink($tmpfile);
371 open(TMP, ">$tmpfile");
372 print TMP $contents;
373 close(TMP);
374 open(TMP, "<$tmpfile");
375 $tmpimg = newFromGif GD::Image(TMP);
376 close(TMP);
377 unlink($tmpfile);
And one in wml_backend/p3_eperl/eperl_sys.c:
210 char *mytmpfile(char *id)
211 {
212 char ca[1024];
213 char *cp, *tmpdir;
214 int i;
215
216 tmpdir = getenv ("TMPDIR");
217 if (tmpdir == (char *) NULL)
218 tmpdir="/tmp";
219
220 snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(),
mytmpfilecnt++);
221 ca[sizeof(ca)-1] = NUL;
222 cp = strdup(ca);
223 for (i = 0; mytmpfiles[i] != NULL; i++)
224 ;
225 mytmpfiles[i++] = cp;
226 mytmpfiles[i] = NULL;
227 return cp;
228 }
I am going to fix this using mkstemp, however the fix won't
be race free because ideally you also need you have to open the
file via the file descriptor returned by mkstemp to ensure
that the file did not change. For this I would need to completely
change the function and I don't want to do such an intrusive change.
However this is not a big issue and more theoretical but should be
fixed by upstream later.
I am going to fix this as well.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgppMYGnzUvzs.pgp
Description: PGP signature
