From 96a246a8944cfd9154a75e7dc66fc9aacc39dbf3 Mon Sep 17 00:00:00 2001
From: Sakshi <sabansal@redhat.com>
Date: Wed, 15 Apr 2015 15:30:51 +0530
Subject: glusterd: coverity fix for insecure temporary file

Set umask before creating temporary file

Backport of http://review.gluster.org/9558

> Change-Id: Ia39af63b05ce68f3f3af6585b70d4129a5530269
> BUG: 789278
> Signed-off-by: Sakshi <sabansal@redhat.com>
> Reviewed-on: http://review.gluster.org/9558
> Smoke: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Jeff Darcy <jdarcy@redhat.com>

Change-Id: Ia39af63b05ce68f3f3af6585b70d4129a5530269
BUG: 1215026
Signed-off-by: Sakshi <sabansal@redhat.com>
Reviewed-on: http://review.gluster.org/13984
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-mountbroker.c | 3 +++
 xlators/mgmt/glusterd/src/glusterd-utils.c       | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'xlators/mgmt/glusterd')

diff --git a/xlators/mgmt/glusterd/src/glusterd-mountbroker.c b/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
index e837b2fd64d..8e4e10552c5 100644
--- a/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
+++ b/xlators/mgmt/glusterd/src/glusterd-mountbroker.c
@@ -528,6 +528,7 @@ glusterd_do_mount (char *label, dict_t *argdict, char **path, int *op_errno)
         runner_t runner            = {0,};
         int ret                    = 0;
         xlator_t *this             = THIS;
+        mode_t orig_umask          = 0;
 
         priv = this->private;
         GF_ASSERT (priv);
@@ -627,7 +628,9 @@ glusterd_do_mount (char *label, dict_t *argdict, char **path, int *op_errno)
                 *op_errno = ENOMEM;
                 goto out;
         }
+        orig_umask = umask(S_IRWXG | S_IRWXO);
         ret = mkstemp (cookie);
+        umask(orig_umask);
         if (ret == -1) {
                 *op_errno = errno;
                 goto out;
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
index 15c83acbe9c..4d4f22ee7e9 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
@@ -2059,6 +2059,7 @@ glusterd_volume_compute_cksum (glusterd_volinfo_t  *volinfo, char *cksum_path,
         gf_boolean_t            unlink_sortfile         = _gf_false;
         glusterd_conf_t        *priv                    = NULL;
         xlator_t               *this                    = NULL;
+        mode_t                  orig_umask              = 0;
 
         GF_ASSERT (volinfo);
         this = THIS;
@@ -2079,7 +2080,9 @@ glusterd_volume_compute_cksum (glusterd_volinfo_t  *volinfo, char *cksum_path,
                 snprintf (sort_filepath, sizeof (sort_filepath),
                           "/tmp/%s.XXXXXX", volinfo->volname);
 
+                orig_umask = umask(S_IRWXG | S_IRWXO);
                 sort_fd = mkstemp (sort_filepath);
+                umask(orig_umask);
                 if (sort_fd < 0) {
                         gf_msg (this->name, GF_LOG_ERROR, errno,
                                 GD_MSG_FILE_OP_FAILED, "Could not generate "
-- 
cgit