Commit8346218

committed

Restrict file mode creation mask during tmpfile().

Per Coverity. Back-patch to 9.0 (all supported versions).Michael Paquier, reviewed (in earlier versions) by Heikki Linnakangas.

1 parentba51774 commit8346218Copy full SHA for 8346218

File tree

+12

-0

lines changed

+12

-0

lines changed

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -379,8 +379,18 @@ tarOpen(ArchiveHandle AH, const char filename, char mode)`
`379`	`379`	`}`
`380`	`380`	`else`
`381`	`381`	`{`
	`382`	`+intold_umask;`
	`383`	`+`
`382`	`384`	`tm=pg_malloc0(sizeof(TAR_MEMBER));`
`383`	`385`
	`386`	`+/*`
	`387`	`+ * POSIX does not require, but permits, tmpfile() to restrict file`
	`388`	`+ * permissions. Given an OS crash after we write data, the filesystem`
	`389`	`+ * might retain the data but forget tmpfile()'s unlink(). If so, the`
	`390`	`+ * file mode protects confidentiality of the data written.`
	`391`	`+ */`
	`392`	`+old_umask=umask(S_IRWXG \|S_IRWXO);`
	`393`	`+`
`384`	`394`	`#ifndefWIN32`
`385`	`395`	`tm->tmpFH=tmpfile();`
`386`	`396`	`#else`
`@@ -415,6 +425,8 @@ tarOpen(ArchiveHandle AH, const char filename, char mode)`
`415`	`425`	`if (tm->tmpFH==NULL)`
`416`	`426`	`exit_horribly(modulename,"could not generate temporary file name: %s\n",strerror(errno));`
`417`	`427`
	`428`	`+umask(old_umask);`
	`429`	`+`
`418`	`430`	`#ifdefHAVE_LIBZ`
`419`	`431`
`420`	`432`	`if (AH->compression!=0)`

Comments

(0)