author | Daniel Stenberg <daniel@haxx.se> | 2022-05-25 10:09:53 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-06-26 11:03:57 +0200 |
commit | 20f9dd6bae50b7223171b17ba7798946e74f877f (patch) | |
tree | ec0d36b73f72ea0c754c6deff4bf314986d0d245 /lib/cookie.c | |
parent | 46f8911d3942dc06fdd67e9f6f3908982e5d2fb4 (diff) | |
download | curl-20f9dd6bae50b7223171b17ba7798946e74f877f.tar.gz |
fopen: add Curl_fopen() for better overwriting of files
Bug: https://curl.se/docs/CVE-2022-32207.html
CVE-2022-32207
Reported-by: Harry Sintonen
Closes #9050
Diffstat (limited to 'lib/cookie.c')
-rw-r--r-- | lib/cookie.c | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index a1ab89532..cb57b8638 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -99,8 +99,8 @@ Example set of cookies:
 #include "curl_get_line.h"
 #include "curl_memrchr.h"
 #include "parsedate.h"
-#include "rand.h"
 #include "rename.h"
+#include "fopen.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -1641,20 +1641,9 @@ static CURLcode cookie_output(struct Curl_easy *data,
 use_stdout = TRUE;
 }
 else {
- unsigned char randsuffix[9];
-
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
- return 2;
-
- tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
- if(!tempstore)
- return CURLE_OUT_OF_MEMORY;
-
- out = fopen(tempstore, FOPEN_WRITETEXT);
- if(!out) {
- error = CURLE_WRITE_ERROR;
+ error = Curl_fopen(data, filename, &out, &tempstore);
+ if(error)
 goto error;
- }
 }
 
 fputs("# Netscape HTTP Cookie File\n"
@@ -1701,7 +1690,7 @@ static CURLcode cookie_output(struct Curl_easy *data,
 if(!use_stdout) {
 fclose(out);
 out = NULL;
- if(Curl_rename(tempstore, filename)) {
+ if(tempstore && Curl_rename(tempstore, filename)) {
 unlink(tempstore);
 error = CURLE_WRITE_ERROR;
 goto error; |
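Review bot: Nothing at the `Curl_fopen()` call in cookie_output() says that it can succeed while leaving `tempstore` NULL, yet the `tempstore &&` guard added in the last hunk only makes sense if that can happen. Curl_fopen() is defined outside this file, so presumably that is the case where the output is written straight to `filename` rather than through a temporary file, which means that path gets no atomic replace and a failed write leaves a partial cookie file. I would add above the call: `/* Curl_fopen() may return with tempstore == NULL; 'out' then refers to the target itself and no rename follows */`. The enclosing function starts and ends outside the hunk.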
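Review bot: The return value of `fclose(out)` just above the changed condition is still ignored, so a write error that only surfaces when the buffer is flushed (full disk, quota) goes unnoticed and `Curl_rename()` then replaces the existing cookie file with a truncated one. Check it before renaming: `if(fclose(out)) { out = NULL; error = CURLE_WRITE_ERROR; goto error; }`, and when `tempstore` is set that path probably wants the same `unlink(tempstore)` as the rename-failure branch. The `error:` label is outside the hunk, so confirm what it already cleans up before adding the unlink.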