From 9395b30964ede412ff48e744360b02920daa3a17 Mon Sep 17 00:00:00 2001
From: Sakshi <sabansal@redhat.com>
Date: Wed, 15 Apr 2015 15:30:51 +0530
Subject: glusterd: coverity fix for insecure temporary file

Set umask before creating temporary file

Change-Id: Ia39af63b05ce68f3f3af6585b70d4129a5530269
BUG: 789278
Signed-off-by: Sakshi <sabansal@redhat.com>
Reviewed-on: http://review.gluster.org/9558
Smoke: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-mountbroker.c | 3 +++
 xlators/mgmt/glusterd/src/glusterd-utils.c       | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'xlators')

diff --git a/xlators/mgmt/glusterd/src/glusterd-mountbroker.c b/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
index 3125612d2cf..7c069ced984 100644
--- a/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
+++ b/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
@@ -525,6 +525,7 @@ glusterd_do_mount (char *label, dict_t *argdict, char **path, int *op_errno)
         runner_t runner            = {0,};
         int ret                    = 0;
         xlator_t *this             = THIS;
+        mode_t orig_umask          = 0;
 
         priv = this->private;
         GF_ASSERT (priv);
@@ -624,7 +625,9 @@ glusterd_do_mount (char *label, dict_t *argdict, char **path, int *op_errno)
                 *op_errno = ENOMEM;
                 goto out;
         }
+        orig_umask = umask(S_IRWXG | S_IRWXO);
         ret = mkstemp (cookie);
+        umask(orig_umask);
         if (ret == -1) {
                 *op_errno = errno;
                 goto out;
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
index 2aa6a06a4ef..66054794fd7 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
@@ -2086,6 +2086,7 @@ glusterd_volume_compute_cksum (glusterd_volinfo_t  *volinfo, char *cksum_path,
         gf_boolean_t            unlink_sortfile         = _gf_false;
         glusterd_conf_t        *priv                    = NULL;
         xlator_t               *this                    = NULL;
+        mode_t                  orig_umask              = 0;
 
         GF_ASSERT (volinfo);
         this = THIS;
@@ -2106,7 +2107,9 @@ glusterd_volume_compute_cksum (glusterd_volinfo_t  *volinfo, char *cksum_path,
                 snprintf (sort_filepath, sizeof (sort_filepath),
                           "/tmp/%s.XXXXXX", volinfo->volname);
 
+                orig_umask = umask(S_IRWXG | S_IRWXO);
                 sort_fd = mkstemp (sort_filepath);
+                umask(orig_umask);
                 if (sort_fd < 0) {
                         gf_msg (this->name, GF_LOG_ERROR, errno,
                                 GD_MSG_FILE_OP_FAILED, "Could not generate "
-- 
cgit