Bug 44798 - Linker warning about tempnam
Linker warning about tempnam
Product: Red Hat Linux
Classification: Retired
Component: mailx (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
David Lawrence
Depends On: 427335
  Show dependency treegraph
Reported: 2001-06-16 16:59 EDT by Russell King
Modified: 2008-01-03 02:50 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-02 09:37:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Russell King 2001-06-16 16:59:48 EDT
Description of Problem:
Building this package on ARM against glibc 2.2.2 reveals the following

gcc  -O2 -fsigned-char -fomit-frame-pointer -march=armv3 -D_GNU_SOURCE -o
mail version.o aux.o cmd1.o cmd2.o cmd3.o cmdtab.o collect.o no_dot_lock.o
edit.o fio.o getname.o head.o v7.local.o lex.o list.o main.o names.o
popen.o quit.o send.o strings.o temp.o tty.o vars.o flock.o
quit.o: In function `edstop':
quit.o(.text+0xb0c): the use of `tempnam' is dangerous, better use

Steps to Reproduce:
1. rpm --rebuild mailx-8.1.1-20.src.rpm
Comment 1 Phil Copeland 2001-06-24 14:51:26 EDT
Still present in mailx-8.1.1-21.src.rpm
Comment 2 Alan Cox 2002-12-18 08:35:57 EST
Careful review indicates it always uses the names carefully via open() with the
right O_EXCL flags set. It might be better if mailx kept its scratch files
elsewhere but its not a security bug.

We should update to the newest mailx base code.
Comment 3 Ivana Varekova 2004-11-15 07:47:02 EST
Thank you for your notices.
The problem was fixed.
Comment 4 Miloslav Trmač 2004-11-17 14:53:12 EST
Quoting mailx-8.1.1-bug44798.patch:
+tempname = (char *)malloc(sizeof(char)*(strlen(tmpdir)+10));
+strcpy(tempname, tmpdir);
+strcat(tempname, "mboxXXXXXX");

AFAICS, tempname actually uses
(strlen(tmpdir) + strlen("mboxXXXXXX") + 1) bytes, which is
(strlen(tmpdir) + 11), one more than is allocated.
Comment 5 Ivana Varekova 2004-11-18 03:09:26 EST
This problem was fixed. 
Thank you for your correction.
Comment 6 Ivana Varekova 2004-12-02 09:37:52 EST
Solved with -40.

Note You need to log in before you can comment on or make changes to this bug.