1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
From 610f9fdbb86667f4094972547deb936c6cdfc6d5 Mon Sep 17 00:00:00 2001
From: Andris Zeila <andris.zeila@zabbix.com>
Date: Fri, 12 Jan 2024 06:06:02 +0000
Subject: [PATCH] .......PS. [DEV-2695] removed group/all access flags for
fping temporary files
Merge in ZBX/zabbix from feature/DEV-2695-6.5 to master
* commit 'cf07db1d5c2b8fe4a9de85fed22cf05035e08914':
.......PS. [DEV-2695] remove group/all access flags when creating fping input file for testing fping features
(cherry picked from commit cd12f0a2d89c3ef05f0e9f50dcb73fdaf3a7e8a9)
CVE: CVE-2023-32727
Upstream_Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
src/libs/zbxicmpping/icmpping.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c
index 9a751b7..bab3d09 100644
--- a/src/libs/zbxicmpping/icmpping.c
+++ b/src/libs/zbxicmpping/icmpping.c
@@ -108,6 +108,7 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha
int ret = FAIL, fd;
sigset_t mask, orig_mask;
char filename[MAX_STRING_LEN];
+ mode_t mode;
if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address))
{
@@ -116,7 +117,12 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha
}
zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname);
- if (-1 == (fd = mkstemp(filename)))
+
+ mode = umask(077);
+ fd = mkstemp(filename);
+ umask(mode);
+
+ if (-1 == fd)
{
zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename,
zbx_strerror(errno));
--
2.40.0
|