retropilot
/
openpilot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix insecure temporary file creation (#1890) 

* Fix insecure temporary file creation

* minor error fix

tmp_path.name (NamedTemporaryFile().name) is required to return the filename string.
albatross
Mufeed VH 2020-07-18 12:19:57 +05:30 committed by GitHub
parent 35a5b057c1
commit a34b9f5cb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/params.py
View File

@ -319,14 +319,14 @@ def write_db(params_path, key, value):
lock.acquire()
try:
tmp_path = tempfile.mktemp(prefix=".tmp", dir=params_path)
with open(tmp_path, "wb") as f:
tmp_path = tempfile.NamedTemporaryFile(mode="wb", prefix=".tmp", dir=params_path, delete=False)
with tmp_path as f:
f.write(value)
f.flush()
os.fsync(f.fileno())
path = "%s/d/%s" % (params_path, key)
os.rename(tmp_path, path)
os.rename(tmp_path.name, path)
fsync_dir(os.path.dirname(path))
finally:
os.umask(prev_umask)