2476a2db73
- SECURITY: don't create world readable files. CVE-2011-4919 - avoid conflicting prototypes
39 lines
932 B
Plaintext
39 lines
932 B
Plaintext
$OpenBSD: patch-unixos_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
|
|
|
|
Fixes from Sebastian Pipping
|
|
http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
|
|
|
|
--- unixos.c.orig Mon Jul 21 21:54:05 2003
|
|
+++ unixos.c Sun Jan 8 00:06:09 2012
|
|
@@ -30,6 +30,7 @@
|
|
#include <sys/param.h>
|
|
#include <netdb.h>
|
|
#include <fcntl.h>
|
|
+#include <stdlib.h>
|
|
#include "xmalloc.h"
|
|
#include "common.h"
|
|
#include "part.h"
|
|
@@ -38,10 +39,6 @@
|
|
#define MAXHOSTNAMELEN 64
|
|
#endif
|
|
|
|
-extern int errno;
|
|
-extern char *malloc();
|
|
-extern char *getenv();
|
|
-
|
|
int overwrite_files = 0;
|
|
int didchat;
|
|
|
|
@@ -137,9 +134,9 @@ FILE *os_createnewfile(char *fname)
|
|
FILE *ret;
|
|
|
|
#ifdef O_EXCL
|
|
- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
|
|
+ fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
|
|
#else
|
|
- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
|
|
+ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
|
|
#endif
|
|
|
|
if (fd == -1)
|