Commit Graph

10 Commits

Author SHA1 Message Date
Andreas Kiefer
f0eacd9447
fopen: fix narrowing conversion warning on 32-bit Android
This was fixed in commit 06dc599405, but came back in commit
03cb1ff4d6.

When building for 32-bit ARM or x86 Android, `st_mode` is defined as
`unsigned int` instead of `mode_t`, resulting in a
`-Wimplicit-int-conversion` clang warning because `mode_t` is
`unsigned short`. Add a cast to silence the warning, but only for
32-bit Android builds, because other architectures and platforms are
not affected.

Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/libc/include/sys/stat.h#86
Closes https://github.com/curl/curl/pull/12998
2024-02-27 14:26:22 +01:00
Daniel Stenberg
f27b8dba73
fopen: allocate the dir after fopen
Move the allocation of the directory name down to after the fopen() call
to allow that shortcut code path to avoid a superfluous malloc+free
cycle.

Follow-up to 73b65e94f3

Closes #12398
2023-11-24 13:24:08 +01:00
Daniel Stenberg
03cb1ff4d6
fopen: create new file using old file's mode
Because the function renames the temp file to the target name as a last
step, if the file was previously owned by a different user, not ORing
the old mode could otherwise end up creating a file that was no longer
readable by the original owner after save.

Reported-by: Loïc Yhuel
Fixes #12299
Closes #12395
2023-11-23 22:30:42 +01:00
Daniel Stenberg
73b65e94f3
fopen: create short(er) temporary file name
Only using random letters in the name plus a ".tmp" extension. Not by
appending characters to the final file name.

Reported-by: Maksymilian Arciemowicz

Closes #12388
2023-11-23 15:46:34 +01:00
Harry Sintonen
3aa3cc9b05
misc: better random strings
Generate alphanumerical random strings.

Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.

The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.

Closes #11838
2023-09-16 11:37:57 +02:00
SaltyMilk
0c667188e0
fopen: optimize
Closes #11419
2023-07-11 19:43:51 +02:00
Marcel Raad
06dc599405
fopen: fix conversion warning on 32-bit Android
When building for 32-bit ARM or x86 Android, `st_mode` is defined as
`unsigned int` instead of `mode_t`, resulting in a
-Wimplicit-int-conversion clang warning because `mode_t` is
`unsigned short`. Add a cast to silence the warning.

Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/libc/include/sys/stat.h#86
Closes https://github.com/curl/curl/pull/11313
2023-06-14 09:31:47 +02:00
Kvarec Lezki
74040ddecb fopen: remove unnecessary assignment
[CWE-1164] V1048: The '* tempname' variable was assigned the same value.

Ref: https://pvs-studio.com/en/docs/warnings/v1048/

Closes https://github.com/curl/curl/pull/10398
2023-02-05 03:15:08 -05:00
Daniel Stenberg
2bc1d775f5
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205
2023-01-03 09:19:21 +01:00
Daniel Stenberg
20f9dd6bae
fopen: add Curl_fopen() for better overwriting of files
Bug: https://curl.se/docs/CVE-2022-32207.html
CVE-2022-32207
Reported-by: Harry Sintonen
Closes #9050
2022-06-26 11:03:57 +02:00