From patchwork Fri Sep 9 04:30:57 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Mendoza-Jonas X-Patchwork-Id: 667889 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3sVkmL4kPmz9ryn for ; Fri, 9 Sep 2016 14:31:14 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b=n11GUC7e; dkim-atps=neutral Received: from ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3sVkmL3dxRzDrph for ; Fri, 9 Sep 2016 14:31:14 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b=n11GUC7e; dkim-atps=neutral X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Received: from mendozajonas.com (mendozajonas.com [188.166.185.233]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3sVkmG5pKczDrpW for ; Fri, 9 Sep 2016 14:31:10 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=mendozajonas.com header.i=@mendozajonas.com header.b=n11GUC7e; dkim-atps=neutral Received: from skellige.ozlabs.ibm.com (unknown [122.99.82.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: sam@mendozajonas.com) by mendozajonas.com (Postfix) with ESMTPSA id 648B114005E; Fri, 9 Sep 2016 12:31:06 +0800 (SGT) 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mendozajonas.com; s=mail; t=1473395467; bh=o3wY/xalJkTZR56pP20ymBFfaxAvJSLE2arr6KXdFI8=; h=From:To:Cc:Subject:Date:From; b=n11GUC7e9NAzyOwMobZG80Wbtu89gfpVytvm9J165eBSjVBpifeMIg+AaHdYnLJqG mx/BriLkDDpLd2Dyf1Ow06ovU0Ktb0dfroD5VVEnZfwUBcSSNni5DL9OrkRLWKmwD0 bm8Zu1btBbOg5+CwxtM7Q25AlkxrY/mjQ6CW6QOA= From: Samuel Mendoza-Jonas To: petitboot@lists.ozlabs.org Subject: [PATCH] lib/file: Fix errors found by Coverity scan Date: Fri, 9 Sep 2016 14:30:57 +1000 Message-Id: <20160909043057.25214-1-sam@mendozajonas.com> X-Mailer: git-send-email 2.9.3 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Samuel Mendoza-Jonas MIME-Version: 1.0 Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Fix several errors in copy_file_secure_dest() found by Coverity and some minor formatting issues: 143603: Correctly handle mkstemp() return value 143605: Avoid accessing dest_filename[-1] on readlink() error 143606, 143610: Avoid accessing dest_filename[sizeof(dest_filename)] 143607: Fix incorrectly passing sizeof(pointer) to fread() 143608, 143611: Cleanup resources on early exit 143609: Explicitly set umask before calling mkstemp() Signed-off-by: Samuel Mendoza-Jonas --- lib/file/file.c | 85 ++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 51 insertions(+), 34 deletions(-) diff --git a/lib/file/file.c b/lib/file/file.c index 6a270a3..0d18788 100644 --- a/lib/file/file.c +++ b/lib/file/file.c 
@@ -33,32 +33,52 @@ static const int max_file_size = 1024 * 1024; -int copy_file_secure_dest(void *ctx, - const char *source_file, char **destination_file) { - int result = 0; - char template[] = "/tmp/petitbootXXXXXX"; +int copy_file_secure_dest(void *ctx, const char *source_file, + char **destination_file) +{ + char readlink_buffer[MAX_FILENAME_SIZE + 1]; char dest_filename[MAX_FILENAME_SIZE] = ""; - FILE *source_handle = fopen(source_file, "r"); - int destination_fd = mkstemp(template); - FILE *destination_handle = fdopen(destination_fd, "w"); - if (!source_handle || !(destination_handle)) { - // handle open error - pb_log("%s: failed: unable to open source file '%s'\n", + char template[] = "/tmp/petitbootXXXXXX"; + FILE *destination_handle, *source_handle; + int destination_fd, result = 0; + unsigned char *buffer; + ssize_t r; + size_t l1; + mode_t oldmask; + + source_handle = fopen(source_file, "r"); + if (!source_handle) { + pb_log("%s: unable to open source file '%s': %m\n", __func__, source_file); + return -1; + } + + oldmask = umask(0644); + destination_fd = mkstemp(template); + umask(oldmask); + if (destination_fd < 0) { + pb_log("%s: unable to create temp file, %m\n", __func__); + fclose(source_handle); + return -1; + } + destination_handle = fdopen(destination_fd, "w"); + if (!destination_handle) { + pb_log("%s: unable to open destination file, %m\n", __func__); + fclose(source_handle); + close(destination_fd); return -1; } - size_t l1; - unsigned char *buffer; buffer = talloc_array(ctx, unsigned char, FILE_XFER_BUFFER_SIZE); if (!buffer) { pb_log("%s: failed: unable to allocate file transfer buffer\n", __func__); - return -1; + result = -1; + goto out; } /* Copy data */ - while ((l1 = fread(buffer, 1, sizeof buffer, source_handle)) > 0) { + while ((l1 = fread(buffer, 1, FILE_XFER_BUFFER_SIZE, source_handle)) > 0) { size_t l2 = fwrite(buffer, 1, l1, destination_handle); if (l2 < l1) { if (ferror(destination_handle)) { 
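Review bot: The new `oldmask = umask(0644);` before mkstemp() clears the bits it names rather than granting them, so with the 0600 creation mode glibc's mkstemp() uses the temp file ends up with mode 0600 & ~0644 = 0000; the returned descriptor is unaffected, but anything that later opens the path handed back in *destination_file by name would need to be root. If the intent behind 143609 is to keep the file owner-only regardless of the caller's umask, the conventional value is `oldmask = umask(077);`, and a one-line comment such as `/* umask() takes the bits to clear: keep the temp file owner-only */` would stop the inversion from recurring. umask() is also process-wide, so if any other thread creates files during the mkstemp() window it inherits this mask; that is inherent to the approach but worth noting in the same comment. The body of copy_file_secure_dest() continues in the next hunk.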
@@ -76,32 +96,29 @@ int copy_file_secure_dest(void *ctx, } } - talloc_free(buffer); - if (result) { - dest_filename[0] = '\0'; + *destination_file = NULL; + goto out; } - else { - ssize_t r; - char readlink_buffer[MAX_FILENAME_SIZE]; - snprintf(readlink_buffer, MAX_FILENAME_SIZE, "/proc/self/fd/%d", - destination_fd); - r = readlink(readlink_buffer, dest_filename, - MAX_FILENAME_SIZE); - if (r < 0) { - /* readlink failed */ - result = -1; - pb_log("%s: failed: unable to obtain temporary filename" - "\n", __func__); - } - dest_filename[r] = '\0'; + + snprintf(readlink_buffer, MAX_FILENAME_SIZE, "/proc/self/fd/%d", + destination_fd); + r = readlink(readlink_buffer, dest_filename, MAX_FILENAME_SIZE); + if (r < 0) { + /* readlink failed */ + result = -1; + r = 0; + pb_log("%s: failed: unable to obtain temporary filename\n", + __func__); } + dest_filename[r] = '\0'; + *destination_file = talloc_strdup(ctx, dest_filename); +out: + talloc_free(buffer); fclose(source_handle); fclose(destination_handle); - - *destination_file = talloc_strdup(ctx, dest_filename); - + close(destination_fd); return result; }
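Review bot: The readlink() bound still permits the one-past-the-end write that 143606/143610 reported: dest_filename is MAX_FILENAME_SIZE bytes, readlink() is passed MAX_FILENAME_SIZE and may return exactly that, and `dest_filename[r] = '\0';` then writes index MAX_FILENAME_SIZE; the extra byte was added to readlink_buffer, which is only the snprintf() target and never needed it. Pass `r = readlink(readlink_buffer, dest_filename, sizeof(dest_filename) - 1);` (or size dest_filename MAX_FILENAME_SIZE + 1) and treat `r == sizeof(dest_filename) - 1` as truncation rather than returning a partial path. Separately, the new `out:` label calls `fclose(destination_handle);` and then `close(destination_fd);`, but fclose() already closes the descriptor the stream was fdopen()ed on, so the second call hits a stale and possibly reused fd; the explicit close() belongs only in the fdopen()-failure branch of the previous hunk. The file created by mkstemp() is also left behind in /tmp on every failure path, so an `unlink(template);` before `goto out` when result is non-zero would avoid accumulating stale temp files; the `-1` return with a talloc_strdup()'d empty string after a readlink() failure is likewise worth normalising to `*destination_file = NULL`. copy_file_secure_dest() begins in the previous hunk.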