From cd139a88f4994c3560b56d0a3166ebfc395e42b8 Mon Sep 17 00:00:00 2001
From: Marek Schimara
Date: Wed, 15 Jun 2016 09:25:45 +0200
Subject: [PATCH] src/rrd_create.c: fix Coverity CID#32425 Insecure temporary file CWE-377 / https://cwe.mitre.org/data/definitions/377.html
---
 src/rrd_create.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/rrd_create.c b/src/rrd_create.c
index ac5c8ff4..9adc0f04 100644
--- a/src/rrd_create.c
+++ b/src/rrd_create.c
@@ -1313,6 +1313,7 @@ done:
 int write_rrd(const char *outfilename, rrd_t *out) {
 int rc = -1;
 char *tmpfilename = NULL;
+ mode_t saved_umask;
 /* write out the new file */
 #ifdef HAVE_LIBRADOS
@@ -1337,7 +1338,10 @@ int write_rrd(const char *outfilename, rrd_t *out) {
 strcpy(tmpfilename, outfilename);
 strcat(tmpfilename, "XXXXXX");
+ /* fix CWE-377 */
+ saved_umask = umask(S_IRUSR|S_IWUSR);
 int tmpfd = mkstemp(tmpfilename);
+ umask(saved_umask);
 if (tmpfd < 0) {
 rrd_set_error("Cannot create temporary file");
 goto done;
-- 
2.47.2
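Review bot: In the second hunk (`@@ -1337,7 +1338,10 @@`), `umask(S_IRUSR|S_IWUSR)` has the mask inverted: umask() names the permission bits to strip, so 0600 removes the owner's read/write bits and leaves group/other untouched. With a mkstemp() that requests mode 0600 the temporary file ends up with no permission bits at all, and with an implementation that requests a wider mode the group/other bits this CWE-377 fix is meant to remove would survive. The line should read `saved_umask = umask(S_IRWXG | S_IRWXO);`, and the comment would be more useful as `/* restrict the temp file to its owner; umask() is process-wide, so restore it right after mkstemp() */`. Because umask() is per-process, other threads creating files in that window inherit the temporary mask, which may matter if this library is used from threaded callers. write_rrd() starts in the previous hunk and continues past `goto done;`, so any later chmod of the file is not visible here.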