emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix some insecure temporary files reported by Coverity.

Browse Source
This commit is contained in:
Juan RP
2015-07-26 09:02:04 +02:00
parent ffbdfeef63
commit 36026451ce
3 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/xbps-create/main.c
View File

@@ -843,9 +843,11 @@ main(int argc, char **argv)
/*
* Create a temp file to store archive data.
*/
tname = xbps_xasprintf(".xbps-pkg-XXXXXX");
tname = xbps_xasprintf(".xbps-pkg-XXXXXXXXX");
myumask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
pkg_fd = mkstemp(tname);
assert(pkg_fd != -1);
umask(myumask);
/*
* Process the binary package's archive (ustar compressed with xz).
*/

5
bin/xbps-rindex/repoflush.c
View File

@@ -1,5 +1,5 @@
/*-
* Copyright (c) 2013-2014 Juan Romero Pardines.
* Copyright (c) 2013-2015 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,13 +44,16 @@ repodata_flush(struct xbps_handle *xhp, const char *repodir,
struct archive *ar;
char *repofile, *tname, *buf;
int rv, repofd = -1;
mode_t mask;
/* Create a tempfile for our repository archive */
repofile = xbps_repo_path(xhp, repodir);
tname = xbps_xasprintf("%s.XXXXXXXXXX", repofile);
mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
if ((repofd = mkstemp(tname)) == -1)
return false;
umask(mask);
/* Create and write our repository archive */
ar = archive_write_new();
assert(ar);

6
lib/package_script.c
View File

@@ -1,5 +1,5 @@
/*-
* Copyright (c) 2012-2013 Juan Romero Pardines.
* Copyright (c) 2012-2015 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,7 @@ xbps_pkg_exec_buffer(struct xbps_handle *xhp,
const char *tmpdir, *version;
char *pkgname, *fpath;
int fd, rv;
mode_t mask;
assert(blob);
assert(pkgver);
@@ -71,12 +72,15 @@ xbps_pkg_exec_buffer(struct xbps_handle *xhp,
}
/* Create temp file to run script */
mask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
if ((fd = mkstemp(fpath)) == -1) {
umask(mask);
rv = errno;
xbps_dbg_printf(xhp, "%s: mkstemp %s\n",
__func__, strerror(errno));
goto out;
}
umask(mask);
/* write blob to our temp fd */
ret = write(fd, blob, blobsiz);
if (ret == -1) {