commit 959e4d225aefa45d2e569b7f4751963930504c6a Author: Daniel Stenberg Date: Wed May 25 10:09:53 2022 +0200 [Backport] altsvc: use Curl_fopen() Offering: RTOS CVE: CVE-2022-32207 Reference: upstream_commit_id=fab970a5d19c1faa2052239ec1e2602b892cbeb2 DTS/AR: DTS2022062910035 type: LTS reason: fix CVE-2022-32207 for curl. weblink:https://github.com/curl/curl/commit/fab970a5d19c1faa2052239ec1e2602b892cbeb2 Signed-off-by: laiyuanyuan
diff --git a/lib/altsvc.c b/lib/altsvc.c
index 36acc3a5e..b20f49ba4 100644
--- a/lib/altsvc.c
+++ b/lib/altsvc.c
@@ -34,7 +34,7 @@
 #include "parsedate.h"
 #include "sendf.h"
 #include "warnless.h"
-#include "rand.h"
+#include "fopen.h"
 #include "rename.h"
 /* The last 3 #include files should be in this order */
@@ -329,8 +329,7 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
 struct Curl_llist_element *n;
 CURLcode result = CURLE_OK;
 FILE *out;
- char *tempstore;
- unsigned char randsuffix[9];
+ char *tempstore = NULL;
 if(!altsvc)
 /* no cache activated */
@@ -344,17 +343,8 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
 /* marked as read-only, no file or zero length file name */
 return CURLE_OK;
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
- return CURLE_FAILED_INIT;
-
- tempstore = aprintf("%s.%s.tmp", file, randsuffix);
- if(!tempstore)
- return CURLE_OUT_OF_MEMORY;
-
- out = fopen(tempstore, FOPEN_WRITETEXT);
- if(!out)
- result = CURLE_WRITE_ERROR;
- else {
+ result = Curl_fopen(data, file, &out, &tempstore);
+ if(!result) {
 fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n"
 "# This file was generated by libcurl! Edit at your own risk.\n",
 out);
@@ -366,10 +356,10 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data,
 break;
 }
 fclose(out);
- if(!result && Curl_rename(tempstore, file))
+ if(!result && tempstore && Curl_rename(tempstore, file))
 result = CURLE_WRITE_ERROR;
- if(result)
+ if(result && tempstore)
 unlink(tempstore);
 }
 free(tempstore);
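Review bot: The new call `result = Curl_fopen(data, file, &out, &tempstore);` in Curl_altsvc_save has no comment stating the helper's contract, yet the `tempstore &&` guards added further down only make sense if the helper can leave `tempstore` NULL and hand back a stream on `file` itself. I would add above the call: `/* Curl_fopen() may open 'file' directly and leave tempstore NULL; otherwise 'out' is a temp file renamed over 'file' below */`. Because this is a backport, it is also worth confirming that the fopen.c/fopen.h pair from the upstream series is present in this tree with the behaviour the CVE fix depends on; neither file is visible in this diff. The function body starts and ends outside the hunk.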
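Review bot: `fclose(out);` is still unchecked immediately before the rename, so a failed flush (full disk, I/O error) leaves `result` at CURLE_OK and a truncated temp file can replace the existing alt-svc cache. Folding the return value into the result, e.g. `if(fclose(out) && !result) result = CURLE_WRITE_ERROR;`, makes the existing `if(result && tempstore) unlink(tempstore);` path discard the partial file instead. The `fputs()` header write in the previous hunk is unchecked in the same way. The write loop between the two lies outside the visible hunks, so whether its error handling already covers short writes cannot be judged from here.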