[dpdk-dev] [PATCH] vhost: fix insecure temporary file
Jin Yu
jin.yu at intel.com
Tue Nov 26 16:19:00 CET 2019
When using mkstemp(), remember to safely set the umask
before to restrict the resulting temporary file
permissions to only the owner.
Coverity issue: 350367
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Cc: stable at dpdk.org
Signed-off-by: Jin Yu <jin.yu at intel.com>
---
lib/librte_vhost/vhost_user.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 0cfb8b792..1a68e23e3 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1342,6 +1342,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
RTE_SET_USED(name);
#endif
if (mfd == -1) {
+ mode_t mask = umask(0600);
mfd = mkstemp(fname);
if (mfd == -1) {
RTE_LOG(ERR, VHOST_CONFIG,
@@ -1349,6 +1350,7 @@ inflight_mem_alloc(const char *name, size_t size, int *fd)
return NULL;
}
+ umask(mask);
unlink(fname);
}
--
2.17.2
More information about the dev
mailing list