Fix coverity scan issue 740457: unsecure temporary file creation
authorFrancesco Chemolli <kinkie@squid-cache.org>
Sat, 16 Feb 2013 02:28:01 +0000 (19:28 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Sat, 16 Feb 2013 02:28:01 +0000 (19:28 -0700)
src/tools.cc

index ad9f20ad35487724a358009f8bd78e6cd38381a0..68756ee73618b984f41c502f6d656dbfba36483a 100644 (file)
@@ -114,28 +114,27 @@ mail_warranty(void)
 {
     FILE *fp = NULL;
     static char command[256];
-#if HAVE_MKSTEMP
 
+    const mode_t prev_umask=umask(S_IRWXU);
+
+#if HAVE_MKSTEMP
     char filename[] = "/tmp/squid-XXXXXX";
     int tfd = mkstemp(filename);
-
-    if (tfd < 0)
-        return;
-
-    if ((fp = fdopen(tfd, "w")) == NULL)
+    if (tfd < 0 || (fp = fdopen(tfd, "w")) == NULL) {
+        umask(prev_umask);
         return;
-
+    }
 #else
-
     char *filename;
-
-    if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL)
+    // XXX tempnam is obsolete since POSIX.2008-1
+    // tmpfile is not an option, we want the created files to stick around
+    if ((filename = tempnam(NULL, APP_SHORTNAME)) == NULL ||
+            (fp = fopen(filename, "w")) == NULL) {
+        umask(prev_umask);
         return;
-
-    if ((fp = fopen(filename, "w")) == NULL)
-        return;
-
+    }
 #endif
+    umask(prev_umask);
 
     if (Config.EmailFrom)
         fprintf(fp, "From: %s\n", Config.EmailFrom);
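Review bot: The mask passed to `umask()` at the top of mail_warranty() is inverted. `S_IRWXU` clears the owner bits and leaves the group/other bits alone, so the `fopen()` fallback creates the file as 0066 (group- and world-accessible, owner denied). The `mkstemp()` path ends up with mode 0000, which the later `< filename` redirect can only open when the process runs as root. To restrict the file to its owner, the line should read `const mode_t prev_umask = umask(S_IRWXG | S_IRWXO);`. Separately, when `fdopen()` fails in the mkstemp branch, the early return leaves `tfd` open and the file on disk, so a `close(tfd); unlink(filename);` before the return would tidy that path; the function's signature lies above this hunk.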
@@ -143,16 +142,15 @@ mail_warranty(void)
         fprintf(fp, "From: %s@%s\n", APP_SHORTNAME, uniqueHostname());
 
     fprintf(fp, "To: %s\n", Config.adminEmail);
-
     fprintf(fp, "Subject: %s\n", dead_msg());
-
     fclose(fp);
 
     snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename);
-
     if (system(command)) {}            /* XXX should avoid system(3) */
-
     unlink(filename);
+#if !HAVE_MKSTEMP
+    xfree(filename); // tempnam() requires us to free its allocation
+#endif
 }
 
 void
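Review bot: The result of `snprintf()` into the 256-byte `command` buffer is not checked before `system()` runs. A long `Config.EmailProgram` or `Config.adminEmail` would silently truncate the command line, and the shell would run whatever prefix fits, possibly without the `< filename` redirect. I would size the call from the buffer and skip the shell on truncation, e.g. `const int n = snprintf(command, sizeof(command), "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename);` followed by `if (n > 0 && n < (int)sizeof(command) && system(command)) {}`, so that `unlink()` and the `xfree()` still run. Both configuration values are also interpolated unquoted into a shell string, which the existing XXX comment already hints at; passing them as argv to a spawned process would remove that dependency on their contents.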