diff options
author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-09-10 11:14:26 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-09-10 11:14:26 +0100 |
commit | 82a1f1490961b4e471faf566cd4834028f5bac8d (patch) | |
tree | 781ee7b6cbe654c489f5e5923aec090475e9a888 /src/lua/lua_rsa.c | |
parent | 8e057f9712fea646a929382dbee7e9c3d894ef04 (diff) | |
download | rspamd-82a1f1490961b4e471faf566cd4834028f5bac8d.tar.gz rspamd-82a1f1490961b4e471faf566cd4834028f5bac8d.zip |
[Minor] Fix some unsafe chmod
Diffstat (limited to 'src/lua/lua_rsa.c')
-rw-r--r-- | src/lua/lua_rsa.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c index 0c56b223b..b7be612b0 100644 --- a/src/lua/lua_rsa.c +++ b/src/lua/lua_rsa.c @@ -1,11 +1,11 @@ -/*- - * Copyright 2016 Vsevolod Stakhov +/* + * Copyright 2024 Vsevolod Stakhov * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -184,7 +184,14 @@ lua_rsa_privkey_save(lua_State *L) else { if (f != stdout) { /* Set secure permissions for the private key file */ - chmod(filename, S_IRUSR | S_IWUSR); + if (fchmod(fileno(f), S_IRUSR | S_IWUSR) == -1) { + msg_err("cannot set permissions for private key file: %s, %s", + filename, + strerror(errno)); + fclose(f); + lua_pushboolean(L, FALSE); + return 1; + } } if (strcmp(type, "der") == 0) { @@ -463,7 +470,6 @@ lua_rsa_privkey_load_base64(lua_State *L) rspamd_lua_setclass(L, rspamd_rsa_privkey_classname, -1); *ppkey = pkey; } - } else { msg_err("cannot open EVP private key from data, %s", @@ -706,7 +712,7 @@ lua_rsa_verify_memory(lua_State *L) if (pkey != NULL && signature != NULL && data != NULL) { EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); - g_assert(pctx != NULL); + g_assert(pctx != NULL); g_assert(EVP_PKEY_verify_init(pctx) == 1); ret = EVP_PKEY_verify(pctx, signature->str, signature->len, data, sz); |