File 0001-PATCH-Use-umask-to-Constrain-Created-File-... of Package zstd

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-PATCH-Use-umask-to-Constrain-Created-File-Permission.patch of Package zstd

From 001a29660e73a8fce10f225ae5e3f7fedf592bbc Mon Sep 17 00:00:00 2001
From: Ali Abdallah <ali.abdallah@suse.com>
Date: Thu, 11 Mar 2021 16:33:27 +0100
Subject: [PATCH] [PATCH] Use umask() to Constrain Created File Permissions

backport a774c5797399040af62db21d8a9b9769e005430e
CVE-2021-24032
----

This commit addresses #2491.

Note that a downside of this solution is that it is global: `umask()`
affects
all file creation calls in the process. I believe this is safe since
`fileio.c` functions should only ever be used in the zstd binary, and
these
are (almost) the only files ever created by zstd, and AIUI they're only
created in a single thread. So we can get away with messing with global
state.

Note that this doesn't change the permissions of files created by
`dibio.c`.
I'm not sure what those should be...
---
 programs/fileio.c | 6 +++---
 programs/util.c   | 9 +++++++++
 programs/util.h   | 7 ++++++-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/programs/fileio.c b/programs/fileio.c
index 98337672..6280dbb9 100644
--- a/programs/fileio.c
+++ b/programs/fileio.c
@@ -606,11 +606,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs,
             FIO_remove(dstFileName);
     }   }
 
-    {   FILE* const f = fopen( dstFileName, "wb" );
+    {   const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
+        FILE* const f = fopen( dstFileName, "wb" );
+        UTIL_umask(old_umask);
         if (f == NULL) {
             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
-        } else if(srcFileName != NULL && strcmp (srcFileName, stdinmark)) {
-            chmod(dstFileName, 00600);
         }
         return f;
     }
diff --git a/programs/util.c b/programs/util.c
index 5d15450d..bb4dac7e 100644
--- a/programs/util.c
+++ b/programs/util.c
@@ -54,6 +54,15 @@ int UTIL_getFileStat(const char* infilename, stat_t *statbuf)
     return 1;
 }
 
+int UTIL_umask(int mode) {
+#if PLATFORM_POSIX_VERSION > 0
+    return umask(mode);
+#else
+    /* do nothing, fake return value */
+    return mode;
+#endif
+}
+
 int UTIL_setFileStat(const char *filename, stat_t *statbuf)
 {
     int res = 0;
diff --git a/programs/util.h b/programs/util.h
index 1f524f29..2a0fe198 100644
--- a/programs/util.h
+++ b/programs/util.h
@@ -24,7 +24,7 @@ extern "C" {
 #include <stddef.h>       /* size_t, ptrdiff_t */
 #include <stdio.h>        /* fprintf */
 #include <sys/types.h>    /* stat, utime */
-#include <sys/stat.h>     /* stat, chmod */
+#include <sys/stat.h>     /* stat, chmod, umask */
 #if defined(_WIN32)
 #  include <sys/utime.h>  /* utime */
 #  include <io.h>         /* _chmod */
@@ -146,6 +146,11 @@ U64 UTIL_getFileSize(const char* infilename);
 
 U64 UTIL_getTotalFileSize(const char* const * const fileNamesTable, unsigned nbFiles);
 
+/**
+ * Wraps umask(). Does nothing when the platform doesn't have that concept.
+ */
+int UTIL_umask(int mode);
+
 /*
  * A modified version of realloc().
  * If UTIL_realloc() fails the original block is freed.
-- 
2.30.1

Places

File 0001-PATCH-Use-umask-to-Constrain-Created-File-Permission.patch of Package zstd

Places