
curl: improve the existing file check with -J

Previously, an existing file that is not user-readable but is user-writable
was not detected by the read-only probe and would get overwritten.

Reported-by: BrumBrum on hackerone
Assisted-by: Jay Satiro
Bug: https://hackerone.com/reports/926638
Closes #5731
This commit is contained in:
Daniel Stenberg 2020-07-27 12:44:19 +02:00
parent 2b6b843bb1
commit 81b4e99b1e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 36 additions and 10 deletions


@ -456,6 +456,16 @@ FILE *curl_dbg_fopen(const char *file, const char *mode,
return res; return res;
} }
FILE *curl_dbg_fdopen(int filedes, const char *mode,
int line, const char *source)
{
FILE *res = fdopen(filedes, mode);
if(source)
curl_dbg_log("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n",
source, line, filedes, mode, (void *)res);
return res;
}
int curl_dbg_fclose(FILE *file, int line, const char *source) int curl_dbg_fclose(FILE *file, int line, const char *source)
{ {
int res; int res;
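Review bot: The new curl_dbg_fdopen wrapper logs `fdopen(\"%d\",\"%s\")`, but this commit touches only three files (see the diffstat), so whatever consumes the memdebug log (presumably tests/memanalyze.pl, which pairs fopen/fclose lines) will not know the new line shape and an fdopen'ed FILE would not be matched against its fclose; if that tooling is the consumer, it needs a matching rule in the same change, and the quoting of the integer descriptor should match whatever pattern it expects. A one-line comment above the function such as `/* fdopen() tracked like fopen(); source == NULL suppresses logging */` would also make the NULL-source convention explicit, as it mirrors curl_dbg_fopen just above the hunk.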


@ -8,7 +8,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -79,6 +79,9 @@ CURL_EXTERN RECV_TYPE_RETV curl_dbg_recv(RECV_TYPE_ARG1 sockfd,
/* FILE functions */ /* FILE functions */
CURL_EXTERN FILE *curl_dbg_fopen(const char *file, const char *mode, int line, CURL_EXTERN FILE *curl_dbg_fopen(const char *file, const char *mode, int line,
const char *source); const char *source);
CURL_EXTERN FILE *curl_dbg_fdopen(int filedes, const char *mode,
int line, const char *source);
CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source);
#ifndef MEMDEBUG_NODEFINES #ifndef MEMDEBUG_NODEFINES
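Review bot: The hunk adds the `curl_dbg_fdopen` prototype but stops at `#ifndef MEMDEBUG_NODEFINES`, and no `#define fdopen(fd,mode) curl_dbg_fdopen(fd,mode,__LINE__,__FILE__)` mapping is visible; unless that define lives in the block below (outside the hunk), the tool's new `fdopen(fd, "wb")` call bypasses the wrapper and the memdebug leak tracking it was added for. The define block continues past the end of the hunk, so this may already be covered — worth confirming.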


@ -21,6 +21,11 @@
***************************************************************************/ ***************************************************************************/
#include "tool_setup.h" #include "tool_setup.h"
#ifdef HAVE_FCNTL_H
/* for open() */
#include <fcntl.h>
#endif
#define ENABLE_CURLX_PRINTF #define ENABLE_CURLX_PRINTF
/* use our own printf() functions */ /* use our own printf() functions */
#include "curlx.h" #include "curlx.h"
@ -37,7 +42,7 @@ bool tool_create_output_file(struct OutStruct *outs,
struct OperationConfig *config) struct OperationConfig *config)
{ {
struct GlobalConfig *global; struct GlobalConfig *global;
FILE *file; FILE *file = NULL;
DEBUGASSERT(outs); DEBUGASSERT(outs);
DEBUGASSERT(config); DEBUGASSERT(config);
global = config->global; global = config->global;
@ -48,17 +53,25 @@ bool tool_create_output_file(struct OutStruct *outs,
if(outs->is_cd_filename) { if(outs->is_cd_filename) {
/* don't overwrite existing files */ /* don't overwrite existing files */
file = fopen(outs->filename, "rb"); #ifndef O_BINARY
if(file) { #define O_BINARY 0
fclose(file); #endif
warnf(global, "Refusing to overwrite %s: %s\n", outs->filename, int fd = open(outs->filename, O_CREAT | O_WRONLY | O_EXCL | O_BINARY,
strerror(EEXIST)); S_IRUSR | S_IWUSR
return FALSE; #ifdef S_IRGRP
| S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
#endif
);
if(fd != -1) {
file = fdopen(fd, "wb");
if(!file)
close(fd);
} }
} }
else
/* open file for writing */
file = fopen(outs->filename, "wb");
/* open file for writing */
file = fopen(outs->filename, "wb");
if(!file) { if(!file) {
warnf(global, "Failed to create the file %s: %s\n", outs->filename, warnf(global, "Failed to create the file %s: %s\n", outs->filename,
strerror(errno)); strerror(errno));
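Review bot: The new `int fd = open(outs->filename, O_CREAT | O_WRONLY | O_EXCL | O_BINARY, S_IRUSR | S_IWUSR ...)` uses `S_IRUSR`/`S_IWUSR` and `close()`, yet the hunk only adds `<fcntl.h>` (and only under HAVE_FCNTL_H); unless tool_setup.h already pulls in `<sys/stat.h>` and `<unistd.h>` this is an implicit dependency, and on a build without HAVE_FCNTL_H the O_* flags are undeclared too, so a guarded `#include <sys/stat.h>` beside the new `<fcntl.h>` include would make it explicit. Two smaller points: when `fdopen(fd, "wb")` fails the code closes fd but leaves the freshly created empty file on disk, and the `if(!file)` path below now reports an existing file as `Failed to create the file %s: File exists`, which is less clear than the removed "Refusing to overwrite" wording — a `if(errno == EEXIST)` branch there would keep the old message. The O_CREAT|O_EXCL open itself is the right fix, since it also closes the check-then-create window the old fopen("rb") probe had. tool_create_output_file continues past the end of the hunk.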