Alert autofix 2 #2067

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

LucasL160 wants to merge 4 commits into ton-blockchain:master from triple-labs:alert-autofix-2

.github/workflows/build-ton-linux-android-tonlib.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,9 @@ name: Tonlib Android @@
     on: [push, pull_request, workflow_dispatch, workflow_call]
+    permissions:
+      contents: read
     jobs:
       build:
         runs-on: ubuntu-22.04
@@ Expand Down @@

SECURITY.md

-Original file line number
+Diff line change
@@ -0,0 +1,12 @@
+    The TON blockchain node software follows a continuous deployment model. Security updates are applied to the **master branch**, which runs on the mainnet.
+    We recommend always running the latest version from the master branch to ensure you have all security patches and updates. For testing purposes, the **testnet branch** contains upcoming updates that will be merged to master after thorough testing.
+    | Branch | Status | Description |
+    | ------ | ------ | ----------- |
+    | master | :white_check_mark: Actively supported | Production-ready code running on mainnet with security updates |
+    | testnet | :warning: Testing | Contains new updates being tested before mainnet deployment |
+    | older commits | :x: Not supported | Security updates are not backported to older versions |
+    For production deployments, we strongly recommend staying up-to-date with the master branch.

tolk/tolk-main.cpp

-Original file line number
+Diff line change
@@ Expand Up @@
           return res_realpath;
         }
         case CompilerSettings::FsReadCallbackKind::ReadFile: {
+          FILE* f = fopen(query, "rb");   // query here is already resolved realpath
+          if (!f) {
+            return td::Status::Error(std::string{"cannot open file "} + query);
+          }
           struct stat f_stat;
-          int res = stat(query, &f_stat);   // query here is already resolved realpath
-          if (res != 0 || (f_stat.st_mode & S_IFMT) != S_IFREG) {
+          int fd = fileno(f);
+          if (fd < 0 || fstat(fd, &f_stat) != 0 || (f_stat.st_mode & S_IFMT) != S_IFREG) {
+            fclose(f);
             return td::Status::Error(std::string{"cannot open file "} + query);
           }
           size_t file_size = static_cast<size_t>(f_stat.st_size);
           std::string str;
           str.resize(file_size);
-          FILE* f = fopen(query, "rb");
-          fread(str.data(), file_size, 1, f);
+          size_t read_count = 0;
+          if (file_size > 0) {
+            read_count = fread(str.data(), 1, file_size, f);
+          }
           fclose(f);
+          if (read_count != file_size) {
+            return td::Status::Error(std::string{"cannot open file "} + query);
+          }
           return std::move(str);
         }
         default: {
@@ Expand Down @@

Provide feedback