From owner-freebsd-ports@FreeBSD.ORG Mon Nov 12 20:42:10 2007 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB34F16A46C for ; Mon, 12 Nov 2007 20:42:10 +0000 (UTC) (envelope-from erik@tefre.com) Received: from mta1-filtered.netlife.no (mail.netlife.no [213.187.191.68]) by mx1.freebsd.org (Postfix) with ESMTP id 8338E13C4B7 for ; Mon, 12 Nov 2007 20:42:10 +0000 (UTC) (envelope-from erik@tefre.com) Received: from localhost (localhost [127.0.0.1]) by mta1-filtered.netlife.no (Postfix) with ESMTP id F03AB28705 for ; Mon, 12 Nov 2007 21:22:01 +0100 (CET) Received: from mta1.netlife.no ([127.0.0.1]) by localhost (mta1-filtered.netlife.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25389-03 for ; Mon, 12 Nov 2007 21:21:58 +0100 (CET) Received: from [10.0.0.7] (kontor.netlife.no [217.13.28.50]) by mta1.netlife.no (Postfix) with ESMTP id 52D27286FE for ; Mon, 12 Nov 2007 21:21:58 +0100 (CET) Message-ID: <4738B5E4.30901@tefre.com> Date: Mon, 12 Nov 2007 21:21:56 +0100 From: Erik Stian Tefre User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-ports@freebsd.org Content-Type: multipart/mixed; boundary="------------010805070703040804000808" X-Virus-Scanned: amavisd-new at netlife.no Subject: apache 2.x + php 5.x http post temporary file name non-randomness X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2007 20:42:10 -0000 This is a multi-part message in MIME format. --------------010805070703040804000808 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit There seems to be a bug (or feature?) somewhere that limits the number of unique temporary file names used when storing temporary files that are uploaded by posting a form. Looking through my webserver logs of 110000 file uploads, I find no more than 495 unique temporary file names which are being reused again and again. (File name example: /var/tmp/phpzzJuIt) I think PHP is supposed to use mkstemp(). From the mkstemp(3) manual: "The number of unique file names mktemp() can return depends on the number of `Xs' provided; six `Xs' will result in mktemp() selecting one of 56800235584 (62 ** 6) possible temporary file names." PHP uses 6 Xs. This makes the low number of observed unique file names (495) a bit disappointing. I have the same problem on the following 2 combinations: amd64 + freebsd 6.0 + php 5.1 + apache 2.0 prefork MPM (+ several php extensions) amd64 + freebsd 6.2 + php 5.2 + apache 2.2 prefork MPM (+ several php extensions) Does anyone know what causes this and/or how to fix it? The attached patch for php 5.2.4 Works For Me(tm), but I'd rather have the problem fixed at it's source than working around it... -- Erik --------------010805070703040804000808 Content-Type: text/plain; name="patch-main-php_open_temporary_file.c" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-main-php_open_temporary_file.c" --- main/php_open_temporary_file.c.orig Mon Nov 12 18:46:03 2007 +++ main/php_open_temporary_file.c Mon Nov 12 18:49:30 2007 @@ -101,6 +101,7 @@ char cwd[MAXPATHLEN]; cwd_state new_state; int fd = -1; + struct timeval tval; #ifndef HAVE_MKSTEMP int open_flags = O_CREAT | O_TRUNC | O_RDWR #ifdef PHP_WIN32 @@ -131,7 +132,8 @@ trailing_slash = "/"; } - if (spprintf(&opened_path, 0, "%s%s%sXXXXXX", new_state.cwd, trailing_slash, pfx) >= MAXPATHLEN) { + gettimeofday(&tval, NULL); + if (spprintf(&opened_path, 0, "%s%s%s_%d_%d_XXXXXX", new_state.cwd, trailing_slash, pfx, tval.tv_sec, tval.tv_usec) >= MAXPATHLEN) { efree(opened_path); free(new_state.cwd); return -1; --------------010805070703040804000808--