------------------------------------------------------------ revno: 11784 revision-id: squid3@treenet.co.nz-20130216022801-tvwdf0kps32vustk parent: squid3@treenet.co.nz-20130216022631-j228uca9fc0xgcfr author: Francesco Chemolli committer: Amos Jeffries branch nick: 3.2 timestamp: Fri 2013-02-15 19:28:01 -0700 message: Fix coverity scan issue 740457: unsecure temporary file creation ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20130216022801-tvwdf0kps32vustk # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # testament_sha1: 2d651771d7e9f3248a7845ccba42874b57c3cfb9 # timestamp: 2013-02-16 02:30:22 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # base_revision_id: squid3@treenet.co.nz-20130216022631-\ # j228uca9fc0xgcfr # # Begin patch === modified file 'src/tools.cc' --- src/tools.cc 2012-12-02 08:09:13 +0000 +++ src/tools.cc 2013-02-16 02:28:01 +0000 @@ -114,28 +114,27 @@ { FILE *fp = NULL; static char command[256]; + + const mode_t prev_umask=umask(S_IRWXU); + #if HAVE_MKSTEMP - char filename[] = "/tmp/squid-XXXXXX"; int tfd = mkstemp(filename); - - if (tfd < 0) - return; - - if ((fp = fdopen(tfd, "w")) == NULL) - return; - + if (tfd < 0 || (fp = fdopen(tfd, "w")) == NULL) { + umask(prev_umask); + return; + } #else - char *filename; - - if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL) - return; - - if ((fp = fopen(filename, "w")) == NULL) - return; - + // XXX tempnam is obsolete since POSIX.2008-1 + // tmpfile is not an option, we want the created files to stick around + if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL || + (fp = fopen(filename, "w")) == NULL) { + umask(prev_umask); + return; + } #endif + umask(prev_umask); if (Config.EmailFrom) fprintf(fp, "From: %s\n", Config.EmailFrom); 
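Review bot: `umask(S_IRWXU)` masks out the owner's permission bits rather than the group/other bits, so the new mask appears to do the opposite of what the commit message intends. In the `#else` branch, `fopen(filename, "w")` would create the file with group and other read/write still allowed (0666 & ~0700). In the mkstemp branch the file would likely end up with no permission bits at all, so the later `< filename` redirect cannot open it unless the process is privileged. The line should probably read `const mode_t prev_umask = umask(S_IRWXG | S_IRWXO);`. Separately, the combined `tfd < 0 || (fp = fdopen(tfd, "w")) == NULL` error path returns without closing `tfd` or unlinking the file when only fdopen fails; the function's signature is outside the hunk.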
@@ -143,16 +142,15 @@ fprintf(fp, "From: %s@%s\n", APP_SHORTNAME, uniqueHostname()); fprintf(fp, "To: %s\n", Config.adminEmail); - fprintf(fp, "Subject: %s\n", dead_msg()); - fclose(fp); snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename); - if (system(command)) {} /* XXX should avoid system(3) */ - unlink(filename); +#if !HAVE_MKSTEMP + xfree(filename); // tempnam() requires us to free its allocation +#endif } void
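Review bot: The result of `snprintf(command, 256, ...)` is still unchecked before `system(command)`, so a long `Config.EmailProgram` or `Config.adminEmail` would hand the shell a truncated command line, possibly without the `< filename` redirect. Capture the return value with `const int n = snprintf(command, sizeof(command), "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename);` and guard the call with `if (n > 0 && n < (int)sizeof(command) && system(command)) {}`. The two configuration values are also interpolated into the shell string unquoted. They presumably come from the administrator's configuration, but that assumption deserves a comment next to the existing XXX. The function begins outside this hunk.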