Some automated security checks concerning fopen() calls.

diff --git a/attach.c b/attach.c
index 7eb1ff425efbd520091be1cc2c2c1b3bdbe82b74..b4bfe5eb389843c7a3f874188a971b679b584dc8 100644 (file)
--- a/attach.c
+++ b/attach.c
@@ -61,8 +61,8 @@ int mutt_get_tmp_attachment (BODY *a)
 
   if(stat(a->filename, &st) == -1)
     return -1;
-  
-  if((fpin = fopen(a->filename, "r")) && (fpout = safe_fopen(tempfile, "w")))
+
+  if((fpin = fopen(a->filename, "r")) && (fpout = safe_fopen(tempfile, "w")))  /* __FOPEN_CHECKED__ */
   {
     mutt_copy_stream (fpin, fpout);
     mutt_str_replace (&a->filename, tempfile);
@@ -722,7 +722,7 @@ int mutt_save_attachment (FILE *fp, BODY *m, char *path, int flags, HEADER *hdr)
       if (flags == M_SAVE_APPEND)
        s.fpout = fopen (path, "a");
       else if (flags == M_SAVE_OVERWRITE)
-       s.fpout = fopen (path, "w");
+       s.fpout = fopen (path, "w");            /* __FOPEN_CHECKED__ */
       else
        s.fpout = safe_fopen (path, "w");
       if (s.fpout == NULL)
@@ -788,7 +788,7 @@ int mutt_decode_save_attachment (FILE *fp, BODY *m, char *path,
   if (flags == M_SAVE_APPEND)
     s.fpout = fopen (path, "a");
   else if (flags == M_SAVE_OVERWRITE)
-    s.fpout = fopen (path, "w");
+    s.fpout = fopen (path, "w");       /* __FOPEN_CHECKED__ */
   else
     s.fpout = safe_fopen (path, "w");
 

diff --git a/build-release b/build-release
index 523862964c8b019596663ec27554effe6efce061..8dd3e16766761e783d282078ddfad9308843bd9f 100755 (executable)
--- a/build-release
+++ b/build-release
@@ -20,6 +20,10 @@ devel="devel/"       # uncomment for the stable branch
 
 cvs update
 
+# Do automated security checks
+
+./check_sec.sh || exit 1
+
 # bump the version number, and calculate the tags
 
 rm -f VERSION 

diff --git a/check_sec.sh b/check_sec.sh
new file mode 100755 (executable)
index 0000000..b1a505a
--- /dev/null
+++ b/check_sec.sh
@@ -0,0 +1,16 @@
+#!/bin/sh --
+
+#
+# grep for some things which may look like security problems.
+#
+
+TMPFILE="`mktemp fopen.XXXXXX`" || exit 1
+grep -n '\<fopen.*".*w' *.c */*.c | fgrep -v __FOPEN_CHECKED__  > $TMPFILE
+test -s $TMPFILE && {
+       echo "WARNING: UNCHECKED FOPEN CALLS FOUND" ;
+       cat $TMPFILE ;
+       exit 1;
+}
+
+rm -f $TMPFILE
+exit 0

diff --git a/edit.c b/edit.c
index e8ef355947de6e673eba2a506d8ae24288f73725..57cb82c045e2fa91e6985e30775da0996f833f23 100644 (file)
--- a/edit.c
+++ b/edit.c
@@ -114,7 +114,7 @@ static int be_barf_file (const char *path, char **buf, int buflen)
   FILE *f;
   int i;
   
-  if ((f = fopen (path, "w")) == NULL)
+  if ((f = fopen (path, "w")) == NULL)         /* __FOPEN_CHECKED__ */
   {
     addstr (strerror (errno));
     addch ('\n');

diff --git a/pgpkey.c b/pgpkey.c
index df7a15c479d2a6b59bead2bab1302e6e359c4782..b197f0b5e4d0da98cb203bf25ab1e27818a1296b 100644 (file)
--- a/pgpkey.c
+++ b/pgpkey.c
@@ -476,7 +476,7 @@ static pgp_key_t *pgp_select_key (pgp_key_t *keys,
     case OP_VERIFY_KEY:
 
       mutt_mktemp (tempfile);
-      if ((devnull = fopen ("/dev/null", "w")) == NULL)
+      if ((devnull = fopen ("/dev/null", "w")) == NULL)        /* __FOPEN_CHECKED__ */
       {
        mutt_perror _("Can't open /dev/null");
        break;
@@ -670,7 +670,7 @@ BODY *pgp_make_key_attachment (char *tempf)
     return NULL;
   }
 
-  if ((devnull = fopen ("/dev/null", "w")) == NULL)
+  if ((devnull = fopen ("/dev/null", "w")) == NULL)    /* __FOPEN_CHECKED__ */
   {
     mutt_perror _("Can't open /dev/null");
     fclose (tempfp);