Write keys more securely.

pull/2/head
Christopher Wellons 2017-03-03 16:47:20 -05:00
parent 2798bb056c
commit 6c9cb4e14a
1 changed files with 23 additions and 1 deletions


@ -1,3 +1,4 @@
#define _POSIX_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -47,6 +48,27 @@ fatal(const char *fmt, ...)
exit(EXIT_FAILURE);
}
#if defined(__unix__) || defined(__APPLE__)
#include <fcntl.h>
static FILE *
secure_creat(char *file)
{
int fd = open(file, O_CREAT | O_WRONLY, 00600);
if (fd == -1)
return 0;
return fdopen(fd, "wb");
}
#else
/* fallback to standard open */
static FILE *
secure_creat(char *file)
{
return fopen(file, "wb");
}
#endif
/* Global options. */
static char *global_random_device = "/dev/urandom";
static char *global_pubkey = 0;
@ -227,7 +249,7 @@ write_key(char *file, const u8 *key, int clobber)
if (!clobber && fopen(file, "r"))
fatal("operation would clobber %s", file);
f = fopen(file, "wb");
f = secure_creat(file);
if (!f)
fatal("failed to open key file for writing -- %s", file);
cleanup_register(f, file);
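Review bot: In `secure_creat`, `open(file, O_CREAT | O_WRONLY, 00600)` applies the 0600 mode only when it creates the file, so on the clobber path an existing key file with wider permissions keeps them and the new key is written into it. The call also drops the truncation that the replaced `fopen(file, "wb")` performed, so bytes from an older, longer file would remain after the new key. I would open with `O_CREAT | O_WRONLY | O_TRUNC` and call `fchmod(fd, 00600)` (declared in `<sys/stat.h>`) before any key bytes are written, and `close(fd)` if `fdopen` returns NULL so the descriptor is not leaked. Separately, the `!clobber` test in `write_key` is a check followed by a separate open; `O_EXCL` would make it atomic, but that requires passing the flag into `secure_creat`. `write_key` begins above the hunk, so how `clobber` is set is not visible here.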