From 69420a154fc9fb8b04f437125a6a0604b26b1292 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 16 Dec 2011 11:13:55 -0500
Subject: Securely set umask when using mkstemp

Coverity 12394, 12395, 12396, 12397 and 12398
---
 src/providers/krb5/krb5_common.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/providers/krb5/krb5_common.c')

diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index a065727a..c2cb94b6 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -290,6 +290,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
     const char *name_tmpl = NULL;
     int server_len;
     ssize_t written;
+    mode_t old_umask;
 
     if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
         service == NULL || service == '\0') {
@@ -328,7 +329,9 @@ errno_t write_krb5info_file(const char *realm, const char *server,
         goto done;
     }
 
+    old_umask = umask(077);
     fd = mkstemp(tmp_name);
+    umask(old_umask);
     if (fd == -1) {
         ret = errno;
         DEBUG(1, ("mkstemp failed [%d][%s].\n", ret, strerror(ret)));
-- 
cgit