------------------------------------------------------------ revno: 12494 revision-id: squid3@treenet.co.nz-20130214091221-6a14fnkur9wwsgv0 parent: squid3@treenet.co.nz-20130214073442-b5tggdqss1ws6v12 author: Francesco Chemolli committer: Amos Jeffries branch nick: 3.3 timestamp: Thu 2013-02-14 02:12:21 -0700 message: Fix coverity scan issue 740457: unsecure temporary file creation ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20130214091221-6a14fnkur9wwsgv0 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: ab0624f12d842594a06917acb27ed944217305a1 # timestamp: 2013-02-14 09:15:17 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20130214073442-\ # b5tggdqss1ws6v12 # # Begin patch === modified file 'src/tools.cc' --- src/tools.cc 2012-12-02 07:23:32 +0000 +++ src/tools.cc 2013-02-14 09:12:21 +0000 @@ -127,28 +127,27 @@ { FILE *fp = NULL; static char command[256]; + + const mode_t prev_umask=umask(S_IRWXU); + #if HAVE_MKSTEMP - char filename[] = "/tmp/squid-XXXXXX"; int tfd = mkstemp(filename); - - if (tfd < 0) - return; - - if ((fp = fdopen(tfd, "w")) == NULL) - return; - + if (tfd < 0 || (fp = fdopen(tfd, "w")) == NULL) { + umask(prev_umask); + return; + } #else - char *filename; - - if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL) - return; - - if ((fp = fopen(filename, "w")) == NULL) - return; - + // XXX tempnam is obsolete since POSIX.2008-1 + // tmpfile is not an option, we want the created files to stick around + if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL || + (fp = fopen(filename, "w")) == NULL) { + umask(prev_umask); + return; + } #endif + umask(prev_umask); if (Config.EmailFrom) fprintf(fp, "From: %s\n", Config.EmailFrom); 
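Review bot: The mask passed in `const mode_t prev_umask=umask(S_IRWXU);` looks inverted: a umask lists the bits to remove, so `S_IRWXU` strips the owner's permissions and leaves group/other untouched. With that mask the mkstemp() file ends up with mode 0000, and the file created by `fopen(filename, "w")` in the `#else` branch ends up 0066, i.e. readable and writable by group and other but not by the owner. The later `< filename` redirect would then presumably fail to open the file unless the process runs as root. To restrict the file to its owner the line should be `const mode_t prev_umask = umask(S_IRWXG | S_IRWXO);`. The enclosing function starts before this hunk, so this is based only on the lines shown.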
@@ -156,16 +155,15 @@ fprintf(fp, "From: %s@%s\n", APP_SHORTNAME, uniqueHostname()); fprintf(fp, "To: %s\n", Config.adminEmail); - fprintf(fp, "Subject: %s\n", dead_msg()); - fclose(fp); snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename); - if (system(command)) {} /* XXX should avoid system(3) */ - unlink(filename); +#if !HAVE_MKSTEMP + xfree(filename); // tempnam() requires us to free its allocation +#endif } void
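Review bot: The `xfree(filename)` added under `#if !HAVE_MKSTEMP` only runs on the success path. The early `return` in the first hunk's `#else` branch still leaks the tempnam() allocation when tempnam() succeeds but `fopen()` fails, so that branch needs `xfree(filename);` before its `return` (xfree is assumed to accept a NULL pointer when tempnam() itself failed). Similarly, in the mkstemp() branch a failed `fdopen()` returns without `close(tfd)` or `unlink(filename)`, leaving an open descriptor and a stray file in /tmp. Separately, the result of `snprintf(command, 256, ...)` is not checked, so an over-long `Config.EmailProgram` or `Config.adminEmail` would truncate the command and the redirect would read from a cut-off path. Comparing the return value against `sizeof(command)` and skipping `system()` on truncation would close that gap.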