Securely set umask when using mkstemp

Coverity 12394, 12395, 12396, 12397 and 12398
author: Stephen Gallagher <sgallagh@redhat.com> 2011-12-16 11:13:55 -0500
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-12-19 11:38:35 -0500
commit: 69420a154fc9fb8b04f437125a6a0604b26b1292 (patch)
tree: 4b8e118a394baa2cc0ceeaeadbd04d12db973ef7 /src/providers/krb5/krb5_common.c
parent: 05113318e280904f2a1ce3721b8d6504afd7e7df (diff)
download: sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.tar.gz
sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.tar.xz
sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index a065727a7..c2cb94b61 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -290,6 +290,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
     const char *name_tmpl = NULL;
     int server_len;
     ssize_t written;
+    mode_t old_umask;
 
     if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
         service == NULL || service == '\0') {
@@ -328,7 +329,9 @@ errno_t write_krb5info_file(const char *realm, const char *server,
         goto done;
     }
 
+    old_umask = umask(077);
     fd = mkstemp(tmp_name);
+    umask(old_umask);
     if (fd == -1) {
         ret = errno;
         DEBUG(1, ("mkstemp failed [%d][%s].\n", ret, strerror(ret)));
author	Stephen Gallagher <sgallagh@redhat.com>	2011-12-16 11:13:55 -0500
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-12-19 11:38:35 -0500
commit	69420a154fc9fb8b04f437125a6a0604b26b1292 (patch)
tree	4b8e118a394baa2cc0ceeaeadbd04d12db973ef7 /src/providers/krb5/krb5_common.c
parent	05113318e280904f2a1ce3721b8d6504afd7e7df (diff)
download	sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.tar.gz sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.tar.xz sssd-69420a154fc9fb8b04f437125a6a0604b26b1292.zip