tools/unpack: replace unlink/extract semantic with extract/move.

This fixes a time-of-creation to time-of-use race condition vulnerability.
Gottox · Aug 10, 2023 · 1c118be · 1c118be
1 parent a1e2523
commit 1c118be
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/tools/unpack.c b/tools/unpack.c
@@ -163,10 +163,16 @@ extract_file(
 		const struct PathStack *path_stack) {
 	int rv = 0;
 	FILE *stream = NULL;
+	char tmp_filename[] = ".sqsh-unpack-XXXXXX";
 
-	stream = fopen(filename, "w");
+	int fd = mkstemp(tmp_filename);
+	if (fd < 0) {
+		print_err(rv = -errno, "mkstemp", path_stack);
+		goto out;
+	}
+	stream = fdopen(fd, "w");
 	if (stream == NULL) {
-		print_err(rv = -errno, "fopen", path_stack);
+		print_err(rv = -errno, "fdopen", path_stack);
 		goto out;
 	}
 
@@ -177,6 +183,12 @@ extract_file(
 		goto out;
 	}
 	fclose(stream);
+
+	rv = rename(tmp_filename, filename);
+	if (rv < 0 && errno != ENOENT) {
+		print_err(rv = -errno, "unlink", path_stack);
+		goto out;
+	}
 out:
 	return rv;
 }