Fix some insecure temporary files reported by Coverity.

Juan RP 2015-07-26 09:02:04 +02:00
parent ffbdfeef63
commit 36026451ce
3 changed files with 12 additions and 3 deletions


@ -843,9 +843,11 @@ main(int argc, char **argv)
/* /*
* Create a temp file to store archive data. * Create a temp file to store archive data.
*/ */
tname = xbps_xasprintf(".xbps-pkg-XXXXXX"); tname = xbps_xasprintf(".xbps-pkg-XXXXXXXXX");
myumask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
pkg_fd = mkstemp(tname); pkg_fd = mkstemp(tname);
assert(pkg_fd != -1); assert(pkg_fd != -1);
umask(myumask);
/* /*
* Process the binary package's archive (ustar compressed with xz). * Process the binary package's archive (ustar compressed with xz).
*/ */
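Review bot: The only check on `mkstemp()` in this hunk is `assert(pkg_fd != -1)`, which compiles away under `NDEBUG`, so a failed creation would carry `pkg_fd == -1` into the archive processing that follows. Replace it with a real branch that restores the mask before bailing out, e.g. `if (pkg_fd == -1) { umask(myumask); /* report error and exit */ }`. Separately, POSIX only requires the last six `X` of the template to be substituted, and glibc and musl replace exactly six, so the nine-`X` template adds three literal `X` characters rather than extra randomness on those libcs. main() starts and continues outside this hunk.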


@ -1,5 +1,5 @@
/*- /*-
* Copyright (c) 2013-2014 Juan Romero Pardines. * Copyright (c) 2013-2015 Juan Romero Pardines.
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -44,13 +44,16 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
struct archive *ar; struct archive *ar;
char *repofile, *tname, *buf; char *repofile, *tname, *buf;
int rv, repofd = -1; int rv, repofd = -1;
mode_t mask;
/* Create a tempfile for our repository archive */ /* Create a tempfile for our repository archive */
repofile = xbps_repo_path(xhp, repodir); repofile = xbps_repo_path(xhp, repodir);
tname = xbps_xasprintf("%s.XXXXXXXXXX", repofile); tname = xbps_xasprintf("%s.XXXXXXXXXX", repofile);
mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
if ((repofd = mkstemp(tname)) == -1) if ((repofd = mkstemp(tname)) == -1)
return false; return false;
umask(mask);
/* Create and write our repository archive */ /* Create and write our repository archive */
ar = archive_write_new(); ar = archive_write_new();
assert(ar); assert(ar);
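Review bot: The early `return false` when `mkstemp()` fails in `repodata_flush` leaves the process umask at 0177, because `umask(mask)` is only reached on success. Any file or directory the process creates afterwards would silently lose its group/other bits and owner-execute bit. Restore the mask on the failure path, as the `xbps_pkg_exec_buffer` change in this commit does: `if ((repofd = mkstemp(tname)) == -1) { umask(mask); return false; }`. `repofile` and `tname` look heap-allocated and are not released on that path either, though the rest of the function is outside the hunk, so confirm against the full body.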


@ -1,5 +1,5 @@
/*- /*-
* Copyright (c) 2012-2013 Juan Romero Pardines. * Copyright (c) 2012-2015 Juan Romero Pardines.
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -43,6 +43,7 @@ xbps_pkg_exec_buffer(struct xbps_handle *xhp,
const char *tmpdir, *version; const char *tmpdir, *version;
char *pkgname, *fpath; char *pkgname, *fpath;
int fd, rv; int fd, rv;
mode_t mask;
assert(blob); assert(blob);
assert(pkgver); assert(pkgver);
@ -71,12 +72,15 @@ xbps_pkg_exec_buffer(struct xbps_handle *xhp,
} }
/* Create temp file to run script */ /* Create temp file to run script */
mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
if ((fd = mkstemp(fpath)) == -1) { if ((fd = mkstemp(fpath)) == -1) {
umask(mask);
rv = errno; rv = errno;
xbps_dbg_printf(xhp, "%s: mkstemp %s\n", xbps_dbg_printf(xhp, "%s: mkstemp %s\n",
__func__, strerror(errno)); __func__, strerror(errno));
goto out; goto out;
} }
umask(mask);
/* write blob to our temp fd */ /* write blob to our temp fd */
ret = write(fd, blob, blobsiz); ret = write(fd, blob, blobsiz);
if (ret == -1) { if (ret == -1) {
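Review bot: `umask()` is process-wide state, so narrowing it around `mkstemp()` in `xbps_pkg_exec_buffer` can race with any other thread that creates files in the same window, if this function is reachable from threaded callers. POSIX.1-2008 already requires `mkstemp()` to create the file with mode 0600, so the wrapper mainly covers older libcs and the static analyser. A comment saying so would help the next reader: `/* mkstemp(3) creates 0600 on POSIX.1-2008; umask kept for older libcs, not thread-safe */`. In the failure branch, capture `errno` before any other call and reuse the saved value: `rv = errno; umask(mask);` followed by `strerror(rv)`. The function begins and continues outside these hunks.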