oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509: create files with safe mode_t

Browse Source
This commit is contained in:
Nicolas Williams
2019-07-04 20:13:27 -05:00
parent 5a0d85e423
commit e4b35ba13f
1 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/hx509/ks_file.c
View File

@@ -415,6 +415,10 @@ file_init_common(hx509_context context,
*/ */
if (flags & HX509_CERTS_CREATE) { if (flags & HX509_CERTS_CREATE) {
/*
* Note that the file creation is deferred until file_store() is
* called.
*/
ret = hx509_certs_init(context, "MEMORY:ks-file-create", ret = hx509_certs_init(context, "MEMORY:ks-file-create",
0, lock, &ksf->certs); 0, lock, &ksf->certs);
if (ret) if (ret)
@@ -586,12 +590,18 @@ file_store(hx509_context context,
struct ks_file *ksf = data; struct ks_file *ksf = data;
struct store_ctx sc; struct store_ctx sc;
int ret; int ret;
int fd;
sc.f = fopen(ksf->fn, "w"); sc.f = NULL;
fd = open(ksf->fn, O_CREAT | O_WRONLY, 0600);
if (fd > -1)
sc.f = fdopen(fd, "w");
if (sc.f == NULL) { if (sc.f == NULL) {
hx509_set_error_string(context, 0, ENOENT, hx509_set_error_string(context, 0, ret = errno,
"Failed to open file %s for writing"); "Failed to open file %s for writing", ksf->fn);
return ENOENT; if (fd > -1)
(void) close(fd);
return ret;
} }
rk_cloexec_file(sc.f); rk_cloexec_file(sc.f);
sc.format = ksf->format; sc.format = ksf->format;