From: "Fabian Groffen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Fabian Groffen" Message-ID: <1579722781.2a819a2ff765005b4e6dbda35f794443c27522ee.grobian@gentoo> Subject: [gentoo-commits] proj/portage-utils:master commit in: / X-VCS-Repository: proj/portage-utils X-VCS-Files: qpkg.c X-VCS-Directories: / X-VCS-Committer: grobian X-VCS-Committer-Name: Fabian Groffen X-VCS-Revision: 2a819a2ff765005b4e6dbda35f794443c27522ee X-VCS-Branch: master Date: Wed, 22 Jan 2020 19:54:02 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 21a1a064-2dfe-4a8b-a1dc-7199bb2dc8d6 X-Archives-Hash: 25f003af31c9dc66cd68200618001ce0 commit: 2a819a2ff765005b4e6dbda35f794443c27522ee Author: Fabian Groffen gentoo org> AuthorDate: Wed Jan 22 19:53:01 2020 +0000 Commit: Fabian Groffen gentoo org> CommitDate: Wed Jan 22 19:53:01 2020 +0000 URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=2a819a2f qpkg: fix Coverity 125928 Insecure temporary file Signed-off-by: Fabian Groffen gentoo.org> qpkg.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/qpkg.c b/qpkg.c index 948d564..eaca37b 100644 --- a/qpkg.c +++ b/qpkg.c @@ -179,6 +179,7 @@ qpkg_make(depend_atom *atom) int i; char *xpak_argv[2]; struct stat st; + mode_t mask; if (pretend) { printf(" %s-%s %s:\n", @@ -197,7 +198,10 @@ qpkg_make(depend_atom *atom) } snprintf(tmpdir, sizeof(tmpdir), "%s/qpkg.XXXXXX", qpkg_bindir); - if ((i = mkstemp(tmpdir)) == -1) { + mask = umask(0077); + i = mkstemp(tmpdir); + umask(mask); + if (i == -1) { fclose(fp); free(buf); return -2;
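Review bot: The umask(0077) / umask(mask) pair wrapped around mkstemp(tmpdir) in the second hunk carries no comment saying why it is there, so a later cleanup could drop it as redundant. POSIX.1-2008 has mkstemp create the file with mode 0600, which means the tightened mask only matters on older libc implementations that created the file 0666; a one-line comment above `mask = umask(0077);` stating that, and naming the Coverity finding, would document the intent. Two smaller points on the same lines: umask changes the creation mask for the whole process, so this is only safe while no other thread creates files during qpkg_make, and the restore now sits between mkstemp and the `if (i == -1)` check, so any error reporting added to that path later should save errno before calling umask(mask). The buffer is also still named tmpdir although mkstemp creates a file, not a directory; renaming it would make the error path easier to read.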