archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-22 20:14:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

6721753: File.createTempFile produces guessable file names

Browse source 
Reviewed-by: sherman
This commit is contained in:
Alan Bateman 2008-10-09 21:12:56 +01:00
parent 3a902871ef
commit 01bf987244
1 changed files with 26 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

54
jdk/src/share/classes/java/io/File.java
View file

@ -33,9 +33,9 @@ import java.net.URISyntaxException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Map; import java.util.Map;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.Random;
import java.security.AccessController; import java.security.AccessController;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.SecureRandom;
import sun.security.action.GetPropertyAction; import sun.security.action.GetPropertyAction;
@ -1678,28 +1678,28 @@ public class File
/* -- Temporary files -- */ /* -- Temporary files -- */
private static final Object tmpFileLock = new Object(); // lazy initialization of SecureRandom and temporary file directory
private static class LazyInitialization {
static final SecureRandom random = new SecureRandom();
private static int counter = -1; /* Protected by tmpFileLock */ static final String temporaryDirectory = temporaryDirectory();
static String temporaryDirectory() {
return fs.normalize(
AccessController.doPrivileged(
new GetPropertyAction("java.io.tmpdir")));
}
}
private static File generateFile(String prefix, String suffix, File dir) private static File generateFile(String prefix, String suffix, File dir)
throws IOException throws IOException
{ {
if (counter == -1) { long n = LazyInitialization.random.nextLong();
counter = new Random().nextInt() & 0xffff; if (n == Long.MIN_VALUE) {
n = 0; // corner case
} else {
n = Math.abs(n);
} }
counter++; return new File(dir, prefix + Long.toString(n) + suffix);
return new File(dir, prefix + Integer.toString(counter) + suffix);
}
private static String tmpdir; /* Protected by tmpFileLock */
private static String getTempDir() {
if (tmpdir == null)
tmpdir = fs.normalize(
AccessController.doPrivileged(
new GetPropertyAction("java.io.tmpdir")));
return tmpdir;
} }
private static boolean checkAndCreate(String filename, SecurityManager sm) private static boolean checkAndCreate(String filename, SecurityManager sm)
@ -1795,18 +1795,16 @@ public class File
if (prefix.length() < 3) if (prefix.length() < 3)
throw new IllegalArgumentException("Prefix string too short"); throw new IllegalArgumentException("Prefix string too short");
String s = (suffix == null) ? ".tmp" : suffix; String s = (suffix == null) ? ".tmp" : suffix;
synchronized (tmpFileLock) { if (directory == null) {
if (directory == null) { String tmpDir = LazyInitialization.temporaryDirectory();
String tmpDir = getTempDir(); directory = new File(tmpDir, fs.prefixLength(tmpDir));
directory = new File(tmpDir, fs.prefixLength(tmpDir));
}
SecurityManager sm = System.getSecurityManager();
File f;
do {
f = generateFile(prefix, s, directory);
} while (!checkAndCreate(f.getPath(), sm));
return f;
} }
SecurityManager sm = System.getSecurityManager();
File f;
do {
f = generateFile(prefix, s, directory);
} while (!checkAndCreate(f.getPath(), sm));
return f;
} }
/** /**