Re: [PATCH] Coverity issue 740457

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 29 Dec 2012 13:17:24 +1300

On 29/12/2012 5:19 a.m., Kinkie wrote:
> Hi all,
> the attached patch addresses Coverity issue 740457 ( Using an
> insecure temporary file creation function ).
> The complaint is that umask(2) is not called before creating a
> temporary file in mail_warranty().
>
> --
> /kinkie

This seems to be droppign the small mkstemp optimization makign use of
its FD return result as the already open file.

I think we should be calling umask() before before the whole #if segment
and reset it on each of "return" as well as on successful completion.

Amos
Received on Sat Dec 29 2012 - 00:17:35 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 29 2012 - 12:00:50 MST