From 0374d32f61cfd8dcc33ca33d42abc02cccaebc24 Mon Sep 17 00:00:00 2001
From: Juergen Perlinger <perlinger@ntp.org>
Date: Tue, 13 Oct 2015 23:31:28 +0200
Subject: [PATCH] [Bug 2938] ntpq saveconfig command allows dangerous
 characters in filenames.  - make sure the file does not exist (no overwrite
 allowed)  - ensure text mode where applicable (windows)

bk: 561d7830p8KzhIhbAIMI44K_t0l7lQ
---
 ntpd/ntp_control.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index 53347f132..13cdb0046 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -944,6 +944,21 @@ save_config(
 {
 #ifdef SAVECONFIG
 	static const char savedconfig_eq[] = "savedconfig=";
+
+	/* Build a safe open mode from the available mode flags. We want
+	 * to create a new file and write it in text mode (when
+	 * applicable -- only Windows does this...)
+	 */
+	static const int openmode = O_CREAT | O_TRUNC | O_WRONLY
+#  if defined(O_EXCL)		/* posix, vms */
+	    | O_EXCL
+#  elif defined(_O_EXCL)	/* windows is alway very special... */
+	    | _O_EXCL
+#  endif
+#  if defined(_O_TEXT)		/* windows, again */
+	    | _O_TEXT
+#endif
+	    ; 
 	
 	char filespec[128];
 	char filename[128];
@@ -1063,15 +1078,14 @@ save_config(
 		return;
 	}
 
-	fd = open(fullpath, O_CREAT | O_TRUNC | O_WRONLY,
-		  S_IRUSR | S_IWUSR);
+	fd = open(fullpath, openmode, S_IRUSR | S_IWUSR);
 	if (-1 == fd)
 		fptr = NULL;
 	else
 		fptr = fdopen(fd, "w");
 
 	if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
-		ctl_printf("Unable to save configuration to file '%s'",
+		ctl_printf("Unable to save configuration to file '%s': %m",
 			   filename);
 		msyslog(LOG_ERR,
 			"saveconfig %s from %s failed", filename,
-- 
2.47.3