From 169f38c1e25750f935838b670871056428977e6b Mon Sep 17 00:00:00 2001
From: Willem Toorop
Date: Mon, 5 May 2014 22:46:08 +0200
Subject: [PATCH] bugfix#573 ldns-keygen write private mode 0600

---
 Changelog | 2 ++
 examples/ldns-keygen.c | 37 +++++++++++++++++++++++++------------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/Changelog b/Changelog
index 5491fc29..cabf154c 100644
--- a/Changelog
+++ b/Changelog
@@ -11,6 +11,8 @@ TBD
 * bugfix #562: ldns-keygen match DSA key maximum size with library. And check keysizes with all algorithms. Thanks Peter Koch.
 * ldns-verify-zone accepts only one single zonefile as argument.
+ * bugfix #573: ldns-keygen write private keys with mode 0600.
+ Thanks Leon Weber
 1.6.17 2014-01-10
 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 1b8a00af..93a1ee73 100644
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -10,6 +10,9 @@
 #include
+#include
+#include
+#include
 #include
 #ifdef HAVE_SSL
@@ -48,6 +51,7 @@ int
 main(int argc, char *argv[])
 {
 int c;
+ int fd;
 char *prog;
 /* default key size */
@@ -254,21 +258,21 @@ main(int argc, char *argv[])
 /* print the priv key to stderr */
 filename = LDNS_XMALLOC(char, strlen(owner) + 21);
 snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, (unsigned int) ldns_key_keytag(key));
- file = fopen(filename, "w");
+ /* use open() here to prevent creating world-readable private keys (CVE-2014-3209)*/
+ fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ if (fd < 0) {
+ goto fail;
+ }
+
+ file = fdopen(fd, "w");
 if (!file) {
- fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
- ldns_key_deep_free(key);
- free(owner);
- ldns_rr_free(pubkey);
- ldns_rr_free(ds);
- LDNS_FREE(filename);
- exit(EXIT_FAILURE);
- } else {
- ldns_key_print(file, key);
- fclose(file);
- LDNS_FREE(filename);
+ goto fail;
 }
+ ldns_key_print(file, key);
+ fclose(file);
+ LDNS_FREE(filename);
+
 /* print the DS to .ds */
 if (algorithm != LDNS_SIGN_HMACMD5 &&
 algorithm != LDNS_SIGN_HMACSHA1 &&
@@ -300,6 +304,15 @@ main(int argc, char *argv[])
 ldns_rr_free(pubkey);
 ldns_rr_free(ds);
 exit(EXIT_SUCCESS);
+
+fail:
+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+ ldns_key_deep_free(key);
+ free(owner);
+ ldns_rr_free(pubkey);
+ ldns_rr_free(ds);
+ LDNS_FREE(filename);
+ exit(EXIT_FAILURE);
 }
#else
int
-- 
2.47.3
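Review bot: The 0600 mode passed at the new `fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);` line only takes effect when the file is created, so if a `.private` file of the same name already exists (for example one left by the removed `fopen(filename, "w")` path with its default permissions), O_TRUNC reuses it and the fresh private key is written under the old, possibly world-readable, mode. Adding `if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { goto fail; }` directly after the `fd < 0` check, or opening with O_EXCL and refusing to overwrite, would close that gap. The new `fclose(file);` also discards its return value, so a failed flush of the key material would leave a truncated key file and still reach EXIT_SUCCESS; `if (fclose(file) != 0) { goto fail; }` would report it, although the "Unable to open" text at `fail:` would then need to be made generic. main() starts and ends outside this hunk.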
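Review bot: The new `fail:` block is reachable only through the `goto fail` statements in the private-key open()/fdopen() path, and its message relies on `filename` already being allocated and on `errno` still holding the failing call's value, but nothing at the label says so. A comment above it such as `/* only reached via goto from the private-key open()/fdopen() failures above; filename is allocated and errno is still that of the failing call */` would document that contract for anyone adding a third jump later. On the fdopen() failure path the descriptor `fd` is never closed before exit(); that is harmless because exit() releases it, but a `close(fd)` before that `goto fail` (with `<unistd.h>` included, if it is not already) would make the cleanup self-contained. main() begins outside this hunk.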