From: Mike Swanson Date: Sun, 9 Jun 2019 04:54:02 +0000 (-0700) Subject: [programs] set chmod 600 after opening destination file X-Git-Tag: v1.4.1^2~26^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3968160a916a759c3d3418da533e1b4f8b795343;p=thirdparty%2Fzstd.git [programs] set chmod 600 after opening destination file This resolves a race condition where zstd or unzstd may expose read permissions beyond the original file allowed. Mode 600 is used temporarily during the compression and decompression write stage and the new file inherits the original file’s mode at the end. Fixes #1630 --- diff --git a/programs/fileio.c b/programs/fileio.c index 3c45a9864..12e1537e6 100644 --- a/programs/fileio.c +++ b/programs/fileio.c @@ -566,6 +566,7 @@ static FILE* FIO_openDstFile(FIO_prefs_t* const prefs, const char* srcFileName, { FILE* const f = fopen( dstFileName, "wb" ); if (f == NULL) DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno)); + chmod(dstFileName, 00600); return f; } }
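Review bot: The added `chmod(dstFileName, 00600);` in FIO_openDstFile runs unconditionally, including on the path where `fopen` returned NULL, and its return value is ignored. Guard it with `if (f != NULL)` and report a failure the same way the `fopen` error just above it is reported. Because the call comes after `fopen( dstFileName, "wb" )`, a newly created file still exists with its umask-derived mode for a short interval, so this narrows the window described in the commit message rather than closing it. Creating the file with mode 0600 at open time (for example `open()` with `O_CREAT` and mode 0600, then `fdopen()`) would remove that interval. If the chmod stays, `fchmod(fileno(f), 00600)` would act on the file that was actually opened rather than on whatever the path names at that moment.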