-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We had a potential race condition when handling sefcontext_compiled content. This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJpJ7EACgkQrlYvE4MpobNCmQCdHZh0LoPrShRFQRhD2XHkviUu bfQAoIxMzz8XjwlX7QM3Zh3x+dMXxUWO =bnTv -----END PGP SIGNATURE-----
>From 6d77b713845a0c1795096733552dd608a8d0ef65 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Wed, 9 Oct 2013 16:32:50 -0400
Subject: [PATCH 19/74] Fix handling of temporary file in sefcontext_compile.c

This way if something goes wrong regex file will not be corrupt.
---
 libselinux/utils/sefcontext_compile.c | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index 6f79dd6..e019a07 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -145,7 +145,7 @@ static int process_file(struct saved_data *data, const char *filename)
 * u32 - data length of the pcre regex study daya
 * char - a buffer holding the raw pcre regex study data
 */
-static int write_binary_file(struct saved_data *data, char *filename)
+static int write_binary_file(struct saved_data *data, int fd)
 {
 struct spec *specs = data->spec_arr;
 FILE *bin_file;
@@ -155,7 +155,7 @@ static int write_binary_file(struct saved_data *data, char *filename)
 uint32_t i;
 int rc;
- bin_file = fopen(filename, "w");
+ bin_file = fdopen(fd, "w");
 if (!bin_file) {
 perror("fopen output_file");
 exit(EXIT_FAILURE);
@@ -321,7 +321,9 @@ int main(int argc, char *argv[])
 const char *path;
 char stack_path[PATH_MAX + 1];
 int rc;
-
+ char *tmp= NULL;
+ int fd;
+
 if (argc != 2) {
 fprintf(stderr, "usage: %s input_file\n", argv[0]);
 exit(EXIT_FAILURE);
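Review bot: The new `int fd` parameter of write_binary_file() changes who owns the output file, but the header comment above the signature still describes only the binary layout. Because the descriptor is handed to fdopen() in the next hunk, it belongs to the stream from then on and the caller must not close it separately. I would add a line to that comment such as `* fd: descriptor open for writing; ownership passes to this function`. The function body continues outside this hunk.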
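Review bot: The failure branch after `bin_file = fdopen(fd, "w");` still calls `exit(EXIT_FAILURE)`, which gives main() no chance to remove the temporary file it created with mkstemp(). The message also still names the old call. Suggest `perror("fdopen output_file");` followed by `close(fd);` and `return -1;` so the caller's error path runs. The rest of write_binary_file() lies outside this hunk, so I cannot tell whether its other exits behave the same way.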
@@ -342,13 +344,29 @@ int main(int argc, char *argv[])
 rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path);
 if (rc < 0 || rc >= sizeof(stack_path))
 return rc;
- rc = write_binary_file(&data, stack_path);
+
+ if (asprintf(&tmp, "%sXXXXXX", stack_path) < 0)
+ return -1;
+
+ fd = mkstemp(tmp);
+ if (fd < 0)
+ goto err;
+
+ rc = write_binary_file(&data, fd);
+
 if (rc < 0)
- return rc;
+ goto err;
+ rename(tmp, stack_path);
 rc = free_specs(&data);
 if (rc < 0)
- return rc;
+ goto err;
- return 0;
+ rc = 0;
+out:
+ free(tmp);
+ return rc;
+err:
+ rc = -1;
+ goto out;
 }
--
1.8.3.1
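Review bot: The result of `rename(tmp, stack_path)` is discarded, so a failed rename still returns 0 while the previous .bin stays in place. No failure path removes the temporary file either, so every failed run leaves a `.binXXXXXX` file next to the output. mkstemp() also creates the file with mode 0600, whereas the fopen() it replaces honoured the umask; if processes other than the owner are meant to read the compiled file, the mode has to be widened before the rename (the exact bits are the project's call). The commit message's promise that the regex file cannot end up corrupt also depends on write_binary_file() checking its writes and its close, which is not visible here. The sketch below covers the error handling and assumes `<sys/stat.h>` and `<unistd.h>` are already included.

```c
	/* … unchanged: asprintf() and mkstemp() … */

	/* mkstemp() creates the file 0600; widen the mode before the file gets its final name */
	if (fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
		close(fd);
		goto err_unlink;
	}

	rc = write_binary_file(&data, fd);
	if (rc < 0)
		goto err_unlink;

	if (rename(tmp, stack_path) < 0)
		goto err_unlink;

	/* … unchanged: free_specs() check, rc = 0, out: … */
err_unlink:
	unlink(tmp);
err:
	/* … unchanged: rc = -1; goto out; … */
```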