Fix coverity scan issue 740457: unsecure temporary file creation

diff --git a/src/tools.cc b/src/tools.cc
index 069caef7410bcb7f82e5075dd76bbbf749087e3e..b8fcc5f031fcd8da0971cb53cd688632f90bf4ca 100644 (file)
--- a/src/tools.cc
+++ b/src/tools.cc
@@ -130,28 +130,29 @@ mail_warranty(void)
 {
     FILE *fp = NULL;
     static char command[256];
-#if HAVE_MKSTEMP
+    bool do_free_filename=false;
+
+    const mode_t prev_umask=umask(S_IRWXU);
 
+#if HAVE_MKSTEMP
     char filename[] = "/tmp/squid-XXXXXX";
     int tfd = mkstemp(filename);
-
-    if (tfd < 0)
+    if (tfd < 0 || (fp = fdopen(tfd, "w")) == NULL) {
+        umask(prev_umask);
         return;
-
-    if ((fp = fdopen(tfd, "w")) == NULL)
-        return;
-
+    }
 #else
-
     char *filename;
-
-    if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL)
-        return;
-
-    if ((fp = fopen(filename, "w")) == NULL)
+    do_free_filename=true;
+    // XXX tempnam is obsolete since POSIX.2008-1
+    // tmpfile is not an option, we want the created files to stick around
+    if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL ||
+        (fp = fopen(filename, "w")) == NULL) {
+        umask(prev_umask);
         return;
-
+    }
 #endif
+    umask(prev_umask);
 
     if (Config.EmailFrom)
         fprintf(fp, "From: %s\n", Config.EmailFrom);
@@ -159,16 +160,14 @@ mail_warranty(void)
         fprintf(fp, "From: %s@%s\n", APP_SHORTNAME, uniqueHostname());
 
     fprintf(fp, "To: %s\n", Config.adminEmail);
-
     fprintf(fp, "Subject: %s\n", dead_msg());
-
     fclose(fp);
 
     snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename);
-
     if (system(command)) {}            /* XXX should avoid system(3) */
-
     unlink(filename);
+    if (do_free_filename)
+        xfree(filename);
 }
 
 void