Make sure new files get created with secure premissions.

tjko · tjko · commit c72481ba9079 · 2025-01-23T22:42:33.000-08:00
diff --git a/jpegoptim.c b/jpegoptim.c
@@ -1,6 +1,6 @@
 /*******************************************************************
  * JPEGoptim
- * Copyright (c) Timo Kokkonen, 1996-2023.
+ * Copyright (c) Timo Kokkonen, 1996-2025.
  * All Rights Reserved.
  *
  * requires libjpeg (Independent JPEG Group's JPEG software
@@ -64,7 +64,7 @@
 #include "jpegoptim.h"
 
 
-#define VERSION "1.5.5"
+#define VERSION "1.5.6beta"
 #define COPYRIGHT  "Copyright (C) 1996-2023, Timo Kokkonen"
 
 #if HAVE_WAIT && HAVE_FORK
@@ -1021,7 +1021,7 @@ int optimize(FILE *log_fh, const char *filename, const char *newname,
 				if (copy_file(newname,tmpfilename))
 					fatal("%s, failed to create backup: %s",
 						(stdin_mode ? "stdin" : filename), tmpfilename);
-				if ((outfile=fopen(newname,"wb"))==NULL)
+				if ((outfile=create_file(newname))==NULL)
 					fatal("%s, error opening output file: %s",
 						(stdin_mode ? "stdin" : filename), newname);
 				outfname=newname;
@@ -1044,7 +1044,7 @@ int optimize(FILE *log_fh, const char *filename, const char *newname,
 					snprintf(tmpfilename,sizeof(tmpfilename),
 						"%sjpegoptim-%d-%d.%ld.tmp", tmpdir,
 						(int)getuid(), (int)getpid(), (long)time(NULL));
-				if ((outfile = fopen(tmpfilename,"wb")) == NULL)
+				if ((outfile = create_file(tmpfilename)) == NULL)
 #endif
 					fatal("error opening temporary file: %s", tmpfilename);
 				outfname=tmpfilename;
diff --git a/jpegoptim.h b/jpegoptim.h
@@ -64,6 +64,7 @@ extern int quiet_mode;
 
 
 /* misc.c */
+FILE* create_file(const char *name);
 int delete_file(const char *name);
 long file_size(FILE *fp);
 int is_directory(const char *path);
diff --git a/misc.c b/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
  *
- * Copyright (C) 1996-2022 Timo Kokkonen
+ * Copyright (C) 1996-2025 Timo Kokkonen
  * All Rights Reserved.
  *
  * SPDX-License-Identifier: GPL-3.0-or-later
@@ -25,6 +25,7 @@
 #include "config.h"
 #endif
 #include <stdio.h>
+#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #ifdef HAVE_UNISTD_H
@@ -38,6 +39,24 @@
 #include "jpegoptim.h"
 
 
+FILE* create_file(const char *name)
+{
+	FILE *f;
+	int fd;
+
+	if (!name)
+		return NULL;
+
+	if ((fd = open(name, (O_WRONLY | O_CREAT | O_TRUNC), (S_IWUSR | S_IRUSR))) < 0)
+		return NULL;
+	if (!(f = fdopen(fd, "wb"))) {
+		close(fd);
+		return NULL;
+	}
+
+	return f;
+}
+
 int delete_file(const char *name)
 {
 	int retval;
@@ -132,13 +151,11 @@ int copy_file(const char *srcfile, const char *dstfile)
 	if (!srcfile || !dstfile)
 		return -1;
 
-	in=fopen(srcfile,"rb");
-	if (!in) {
+	if (!(in = fopen(srcfile, "rb"))) {
 		warn("failed to open file for reading: %s", srcfile);
 		return -2;
 	}
-	out=fopen(dstfile,"wb");
-	if (!out) {
+	if (!(out = create_file(dstfile))) {
 		fclose(in);
 		warn("failed to open file for writing: %s", dstfile);
 		return -3;
