From 7f0fb0440c54ae131dabb5b6c7e8e8bce9838ee6 Mon Sep 17 00:00:00 2001
From: Miciah Dashiel Butler Masters
Date: Sun, 1 Oct 2006 14:57:47 +0000
Subject: [PATCH] Secure file saving: restore umask after _all_ failure conditions

The secure file saving code plays some shenanigans with the umask. Previously, the code could fail to restore the old umask when certain libc calls failed: malloc, mkstemp, fdopen, and fopen. This resulted in unrelated code creating files with the wrong umode. Specifically, the download code's automatic directory creation was creating directories without the execute permission bit. Thanks to Quiznos for reporting and helping to track the problem down.
---
 src/util/secsave.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/util/secsave.c b/src/util/secsave.c
index 23ea093a..10ffd326 100644
--- a/src/util/secsave.c
+++ b/src/util/secsave.c
@@ -69,9 +69,8 @@ enum secsave_errno secsave_errno = SS_ERR_NONE;
 /* Open a file for writing in a secure way. It returns a pointer to a structure
 * secure_save_info on success, or NULL on failure. */
 static struct secure_save_info *
-secure_open_umask(unsigned char *file_name, mode_t mask)
+secure_open_umask(unsigned char *file_name)
 {
- mode_t saved_mask;
 struct stat st;
 struct secure_save_info *ssi;

@@ -144,8 +143,6 @@ secure_open_umask(unsigned char *file_name, mode_t mask)
 }
 }

- saved_mask = umask(mask);
-
 if (ssi->secure_save) {
 /* We use a random name for temporary file, mkstemp() opens
 * the file and return a file descriptor named fd, which is
@@ -187,8 +184,6 @@ secure_open_umask(unsigned char *file_name, mode_t mask)
 }
 }

- umask(saved_mask);
-
 return ssi;

 free_file_name:
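Review bot: The header comment on `secure_open_umask()` in the first hunk still reads as if the function opens the file securely on its own, but with the `mode_t mask` parameter and the internal `umask()` calls removed, the restrictive permissions now depend on the caller having set the umask beforehand. A later caller inside this file that invokes the helper directly would create the file under whatever umask the process happens to have at that moment. I would state the precondition in the comment, e.g. `* The caller must set a restrictive umask first and restore it afterwards (see secure_open()).`, and consider renaming the helper now that the `_umask` suffix no longer describes what it does. The body of the function runs past this hunk.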
@@ -206,12 +201,20 @@ end:
 struct secure_save_info *
 secure_open(unsigned char *file_name)
 {
+ struct secure_save_info *ssi;
+ mode_t saved_mask;
 #ifdef CONFIG_OS_WIN32
 /* There is neither S_IRWXG nor S_IRWXO under crossmingw32-gcc */
- return secure_open_umask(file_name, 0177);
+ const mode_t mask = 0177;
 #else
- return secure_open_umask(file_name, S_IXUSR | S_IRWXG | S_IRWXO);
+ const mode_t mask = S_IXUSR | S_IRWXG | S_IRWXO;
 #endif
+
+ saved_mask = umask(mask);
+ ssi = secure_open_umask(file_name);
+ umask(saved_mask);
+
+ return ssi;
 }

 /* Close a file opened with secure_open, and return 0 on success, errno
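Review bot: The window between `saved_mask = umask(mask);` and `umask(saved_mask);` in `secure_open()` changes a process-wide setting, so anything else that creates a file while it is open (another thread or a signal handler, if the program has any that do so; not visible here) inherits the restrictive mask, which is the same class of side effect this commit sets out to remove. A short comment above the first call would record the constraint, e.g. `/* umask() is process-wide; keep this window free of unrelated file creation. */`. Longer term, creating the file with an explicit mode (`open()` with `S_IRUSR | S_IWUSR`, then `fdopen()`) in the fopen path named in the commit message would presumably remove the dependency on the umask altogether; that code is outside this hunk.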