From b7764db721d5a3c4a26fe6bfd374170ea1c1f53f Mon Sep 17 00:00:00 2001
From: hsuk04 <hsuhweek@gmail.com>
Date: Mon, 9 Jun 2025 21:42:13 +0800
Subject: [PATCH] vuln-fix: replace outdated temp dir creation with
 java.nio.Files to prevent hijacking

---
 .../java/org/apache/bookkeeper/util/IOUtils.java | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/bookkeeper-server/src/main/java/org/apache/bookkeeper/util/IOUtils.java b/bookkeeper-server/src/main/java/org/apache/bookkeeper/util/IOUtils.java
index c003fdf325c..69857a07979 100644
--- a/bookkeeper-server/src/main/java/org/apache/bookkeeper/util/IOUtils.java
+++ b/bookkeeper-server/src/main/java/org/apache/bookkeeper/util/IOUtils.java
@@ -21,6 +21,8 @@
 package org.apache.bookkeeper.util;
 
 import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.channels.WritableByteChannel;
@@ -146,14 +148,12 @@ public static File createTempDir(String prefix, String suffix)
      */
     public static File createTempDir(String prefix, String suffix, File dir)
             throws IOException {
-        File tmpDir = File.createTempFile(prefix, suffix, dir);
-        if (!tmpDir.delete()) {
-            throw new IOException("Couldn't delete directory " + tmpDir);
-        }
-        if (!tmpDir.mkdir()) {
-            throw new IOException("Couldn't create directory " + tmpDir);
-        }
-        return tmpDir;
+        try {
+            final File tmpDir = Files.createTempDirectory(prefix + suffix).toFile();
+                return tmpDir;
+            } catch (IOException e) {
+                throw new IOException("Could not create temp directory: " + prefix + suffix, e);
+            }
     }
 
     /**