commit: 2a819a2ff765005b4e6dbda35f794443c27522ee
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 22 19:53:01 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Jan 22 19:53:01 2020 +0000
URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=2a819a2f
qpkg: fix Coverity 125928 Insecure temporary file
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
qpkg.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/qpkg.c b/qpkg.c
index 948d564..eaca37b 100644
--- a/qpkg.c
+++ b/qpkg.c
@@ -179,6 +179,7 @@ qpkg_make(depend_atom *atom)
int i;
char *xpak_argv[2];
struct stat st;
+ mode_t mask;
if (pretend) {
printf(" %s-%s %s:\n",
@@ -197,7 +198,10 @@ qpkg_make(depend_atom *atom)
}
snprintf(tmpdir, sizeof(tmpdir), "%s/qpkg.XXXXXX", qpkg_bindir);
- if ((i = mkstemp(tmpdir)) == -1) {
+ mask = umask(0077);
+ i = mkstemp(tmpdir);
+ umask(mask);
+ if (i == -1) {
fclose(fp);
free(buf);
return -2;
