From 69420a154fc9fb8b04f437125a6a0604b26b1292 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 16 Dec 2011 11:13:55 -0500 Subject: Securely set umask when using mkstemp Coverity 12394, 12395, 12396, 12397 and 12398 --- src/providers/krb5/krb5_child.c | 3 +++ src/providers/krb5/krb5_common.c | 3 +++ src/tests/check_and_open-tests.c | 4 ++++ src/tests/debug-tests.c | 8 ++++++++ 4 files changed, 18 insertions(+) (limited to 'src') diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 01690cf4..297e3a76 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -230,6 +230,7 @@ static krb5_error_code create_ccache_file(krb5_context ctx, char *tmp_ccname; krb5_creds *l_cred; TALLOC_CTX *tmp_ctx = NULL; + mode_t old_umask; if (strncmp(ccname, "FILE:", 5) == 0) { cc_file_name = ccname + 5; @@ -258,7 +259,9 @@ static krb5_error_code create_ccache_file(krb5_context ctx, } tmp_ccname = talloc_asprintf_append(tmp_ccname, "/.krb5cc_dummy_XXXXXX"); + old_umask = umask(077); fd = mkstemp(tmp_ccname); + umask(old_umask); if (fd == -1) { DEBUG(1, ("mkstemp failed [%d][%s].\n", errno, strerror(errno))); kerr = errno; diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index a065727a..c2cb94b6 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -290,6 +290,7 @@ errno_t write_krb5info_file(const char *realm, const char *server, const char *name_tmpl = NULL; int server_len; ssize_t written; + mode_t old_umask; if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' || service == NULL || service == '\0') { @@ -328,7 +329,9 @@ errno_t write_krb5info_file(const char *realm, const char *server, goto done; } + old_umask = umask(077); fd = mkstemp(tmp_name); + umask(old_umask); if (fd == -1) { ret = errno; DEBUG(1, ("mkstemp failed [%d][%s].\n", ret, strerror(ret))); diff --git a/src/tests/check_and_open-tests.c b/src/tests/check_and_open-tests.c index 8e1bc988..6ff40d0f 100644 --- a/src/tests/check_and_open-tests.c +++ b/src/tests/check_and_open-tests.c @@ -43,10 +43,14 @@ int fd; void setup_check_and_open(void) { int ret; + mode_t old_umask; filename = strdup(FILENAME_TEMPLATE); fail_unless(filename != NULL, "strdup failed"); + + old_umask = umask(077); ret = mkstemp(filename); + umask(old_umask); fail_unless(ret != -1, "mkstemp failed [%d][%s]", errno, strerror(errno)); close(ret); diff --git a/src/tests/debug-tests.c b/src/tests/debug-tests.c index 8a338fb5..40dd2e98 100644 --- a/src/tests/debug-tests.c +++ b/src/tests/debug-tests.c @@ -191,10 +191,14 @@ int test_helper_debug_check_message(int level, int msgmode) int fd; int ret; int _errno = 0; + mode_t old_umask; FILE *file = NULL; strncpy(filename, "sssd_debug_tests.XXXXXX", 24); + + old_umask = umask(077); fd = mkstemp(filename); + umask(old_umask); if (fd == -1) { _errno = errno; talloc_free(ctx); @@ -331,10 +335,14 @@ int test_helper_debug_is_empty_message(int level, int msgmode) int filesize; int ret; int _errno = 0; + mode_t old_umask; FILE *file; strncpy(filename, "sssd_debug_tests.XXXXXX", 24); + + old_umask = umask(077); fd = mkstemp(filename); + umask(old_umask); if (fd == -1) { return DEBUG_TEST_ERROR; } -- cgit