sfm

simple file manager
git clone git://git.afify.dev/sfm
Log | Files | Refs | README | LICENSE

commit 51bc7211b0acaab73c31576f49d630a1f0f340aa
parent 2a80c4e8a83feef754851c42a8c6f403e0b4943e
Author: afify <hassan@afify.dev>
Date:   Wed,  8 Jul 2020 13:33:38 +0300

[fix] create new file securely

- use open() instead of fopen()
- return -1 if exists
- permission is rw for user only

source: Security Recommendations
https://www.openbsd.org/faq/ports/guide.html#PortsSecurity

Diffstat:
Msfm.c | 16+++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/sfm.c b/sfm.c @@ -482,23 +482,21 @@ create_new_dir(char *cwd, char *user_input) static int create_new_file(char *cwd, char *user_input) { + int rf; char *path; path = ecalloc(strlen(cwd)+strlen(user_input)+2, sizeof(char)); strcpy(path, cwd); strcat(path, "/"); strcat(path, user_input); - FILE* file_ptr; - file_ptr = fopen(path, "w"); + rf = open(path, O_CREAT|O_EXCL, S_IRUSR|S_IWUSR); free(path); + if (rf < 0) + return -1; - if (file_ptr != NULL) { - (void)fclose(file_ptr); - return 0; - } - - return -1; - + if (close(rf) < 0) + return -1; + return 0; } static int