author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-12-29 21:32:07 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-12-29 21:32:07 +0000 |
commit | d2a9a7765c9d16fff4f567a0c35092da83360365 (patch) | |
tree | 1e602da70f592dc364fca68254f56b4acba111ac /src/rspamadm/dkim_keygen.c | |
parent | 3deecad150f2ec11679cb85265c55df948e7c2bc (diff) | |
[Minor] Set 0600 mode on privkey files by default
Issue: #4023
Diffstat (limited to 'src/rspamadm/dkim_keygen.c')
-rw-r--r-- | src/rspamadm/dkim_keygen.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/rspamadm/dkim_keygen.c b/src/rspamadm/dkim_keygen.c index a1e7286ae..318cc924d 100644 --- a/src/rspamadm/dkim_keygen.c +++ b/src/rspamadm/dkim_keygen.c @@ -20,6 +20,8 @@ #include "libcryptobox/cryptobox.h" #include "contrib/libottery/ottery.h" #include "lua/lua_common.h" +#include "unix-std.h" + #include <openssl/rsa.h> #include <openssl/bn.h> #include <openssl/pem.h> @@ -108,15 +110,33 @@ rspamd_dkim_generate_rsa_keypair (const gchar *domain, const gchar *selector, g_assert (EVP_PKEY_set1_RSA (pk, r) == 1); if (priv_fname) { - privout = BIO_new_file (priv_fname, "w"); + int fd = open (priv_fname, O_WRONLY | O_CREAT | O_TRUNC, 0600); + + if (fd < 0) { + rspamd_fprintf (stderr, "cannot open output file %s: %s\n", + priv_fname, strerror (errno)); + exit (EXIT_FAILURE); + } + + FILE *fp = fdopen (fd, "w"); + + if (fp == NULL) { + close (fd); + rspamd_fprintf (stderr, "cannot open output file %s: %s\n", + priv_fname, strerror (errno)); + exit (EXIT_FAILURE); + } + + privout = BIO_new_fp (fp, BIO_CLOSE); if (privout == NULL) { + fclose (fp); rspamd_fprintf (stderr, "cannot open output file %s: %s\n", priv_fname, strerror (errno)); exit (EXIT_FAILURE); } } else { - privout = BIO_new_fp (stdout, 0); + privout = BIO_new_fp (stdout, BIO_NOCLOSE); } rc = PEM_write_bio_PrivateKey (privout, pk, NULL, NULL, 0, NULL, NULL); |
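Review bot: The 0600 passed to `open ()` in the second hunk only takes effect when the call creates the file, so if `priv_fname` already exists with a wider mode, `O_TRUNC` reuses it and the new private key is written under the old permissions. Adding `fchmod (fd, 0600)` right after the `fd < 0` check, with its result checked like the other failures, would make the mode hold for both new and existing files. In the `fp == NULL` branch `close (fd)` runs before `strerror (errno)`, so the message may report the wrong error; saving `errno` before closing avoids that, and the same applies to `fclose (fp)` in the `privout == NULL` branch. The body of rspamd_dkim_generate_rsa_keypair starts and ends outside the hunk.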