commit e55e32eb40619a2476b93196ed82c82179f85b82 Author: Daniel Stenberg Date: Wed May 25 10:09:54 2022 +0200 [Backport] hsts: use Curl_fopen() Offering: RTOS CVE: CVE-2022-32207 Reference: upstream_commit_id=d64115d7bb8ae4c136b620912da523c063f1d2ee DTS/AR: DTS2022062910035 type: LTS reason: fix CVE-2022-32207 for curl. weblink:https://github.com/curl/curl/commit/d64115d7bb8ae4c136b620912da523c063f1d2ee Signed-off-by: laiyuanyuan diff --git a/lib/hsts.c b/lib/hsts.c index 0d5a58401..1d0263cdf 100644 --- a/lib/hsts.c +++ b/lib/hsts.c @@ -35,7 +35,7 @@ #include "sendf.h" #include "strtoofft.h" #include "parsedate.h" -#include "rand.h" +#include "fopen.h" #include "rename.h" #include "strtoofft.h" @@ -325,8 +325,7 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, struct Curl_llist_element *n; CURLcode result = CURLE_OK; FILE *out; - char *tempstore; - unsigned char randsuffix[9]; + char *tempstore = NULL; if(!h) /* no cache activated */ @@ -340,17 +339,8 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, /* marked as read-only, no file or zero length file name */ goto skipsave; - if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) - return CURLE_FAILED_INIT; - - tempstore = aprintf("%s.%s.tmp", file, randsuffix); - if(!tempstore) - return CURLE_OUT_OF_MEMORY; - - out = fopen(tempstore, FOPEN_WRITETEXT); - if(!out) - result = CURLE_WRITE_ERROR; - else { + result = Curl_fopen(data, file, &out, &tempstore); + if(!result) { fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" "# This file was generated by libcurl! Edit at your own risk.\n", out); @@ -362,10 +352,10 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, break; } fclose(out); - if(!result && Curl_rename(tempstore, file)) + if(!result && tempstore && Curl_rename(tempstore, file)) result = CURLE_WRITE_ERROR; - if(result) + if(result && tempstore) unlink(tempstore); } free(tempstore);