Fixed Race condition in XF\Util\File::createTempDir


Well-known member
Affected version
The XF\Util\File::createTempDir function has a race condition where the same directory can be attempted to be created multiple times if enough requests happen at once.

This causes createDirectory to throw as it fails to create the directory, resulting in unexpected errors, so at least this doesn't cause anonymous data conflicts.
Interesting bug. I'd never have expected to see a race condition in software like this. I wonder if the devs will be able to replicate it.
uniqid really isn't unique enough for this purpose, and there are other places in the code which likely need fixing.
Even if a "unique enough" random string generator is used .. it is always a good practice to use
if (!mkdir($partialPath) && !is_dir($partialPath))
   return false;
instead of
if (!mkdir($partialPath))
   return false;

to avoid race condition that could occur when another process creates the required directory while current process is trying to do
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.13).

Change log:
Increase entropy of temporary directory name generation to reduce the likelihood of race conditions
There may be a delay before changes are rolled out to the XenForo Community.
Top Bottom