From: Thomas Roessler Date: Mon, 8 Jan 2001 16:13:57 +0000 (+0000) Subject: Some automated security checks concerning fopen() calls. X-Git-Tag: mutt-1-3-14-rel~16 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9fd7da6f29476ae9333723b6f58727b58d57661e;p=mutt Some automated security checks concerning fopen() calls. --- diff --git a/attach.c b/attach.c index 7eb1ff42..b4bfe5eb 100644 --- a/attach.c +++ b/attach.c @@ -61,8 +61,8 @@ int mutt_get_tmp_attachment (BODY *a) if(stat(a->filename, &st) == -1) return -1; - - if((fpin = fopen(a->filename, "r")) && (fpout = safe_fopen(tempfile, "w"))) + + if((fpin = fopen(a->filename, "r")) && (fpout = safe_fopen(tempfile, "w"))) /* __FOPEN_CHECKED__ */ { mutt_copy_stream (fpin, fpout); mutt_str_replace (&a->filename, tempfile); @@ -722,7 +722,7 @@ int mutt_save_attachment (FILE *fp, BODY *m, char *path, int flags, HEADER *hdr) if (flags == M_SAVE_APPEND) s.fpout = fopen (path, "a"); else if (flags == M_SAVE_OVERWRITE) - s.fpout = fopen (path, "w"); + s.fpout = fopen (path, "w"); /* __FOPEN_CHECKED__ */ else s.fpout = safe_fopen (path, "w"); if (s.fpout == NULL) @@ -788,7 +788,7 @@ int mutt_decode_save_attachment (FILE *fp, BODY *m, char *path, if (flags == M_SAVE_APPEND) s.fpout = fopen (path, "a"); else if (flags == M_SAVE_OVERWRITE) - s.fpout = fopen (path, "w"); + s.fpout = fopen (path, "w"); /* __FOPEN_CHECKED__ */ else s.fpout = safe_fopen (path, "w"); diff --git a/build-release b/build-release index 52386296..8dd3e167 100755 --- a/build-release +++ b/build-release @@ -20,6 +20,10 @@ devel="devel/" # uncomment for the stable branch cvs update +# Do automated security checks + +./check_sec.sh || exit 1 + # bump the version number, and calculate the tags rm -f VERSION diff --git a/check_sec.sh b/check_sec.sh new file mode 100755 index 00000000..b1a505a8 --- /dev/null +++ b/check_sec.sh 
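Review bot: The `/* __FOPEN_CHECKED__ */` marker on the `M_SAVE_OVERWRITE` branch of mutt_save_attachment records that the `fopen (path, "w")` call was looked at, but not why a plain fopen is acceptable there, so a later reader cannot re-verify the exemption. A write-mode fopen truncates whatever `path` resolves to, including through a symlink, which is presumably the intended overwrite behaviour; state that in the marker, e.g. `/* __FOPEN_CHECKED__: overwrite explicitly requested via M_SAVE_OVERWRITE */`, keeping the token intact so a scanner keyed on it still recognises the line. The same applies to the markers in mutt_decode_save_attachment, in mutt_get_tmp_attachment (where the marker also covers a read-mode fopen on the same line) and in be_barf_file in edit.c. The `fopen (path, "a")` branch just above stays unmarked; whether the scanner is meant to cover append mode cannot be confirmed from this page, because the grep pattern in check_sec.sh is truncated. All of these functions start and end outside their hunks.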
@@ -0,0 +1,16 @@ +#!/bin/sh -- + +# +# grep for some things which may look like security problems. +# + +TMPFILE="`mktemp fopen.XXXXXX`" || exit 1 +grep -n '\ $TMPFILE +test -s $TMPFILE && { + echo "WARNING: UNCHECKED FOPEN CALLS FOUND" ; + cat $TMPFILE ; + exit 1; +} + +rm -f $TMPFILE +exit 0 diff --git a/edit.c b/edit.c index e8ef3559..57cb82c0 100644 --- a/edit.c +++ b/edit.c @@ -114,7 +114,7 @@ static int be_barf_file (const char *path, char **buf, int buflen) FILE *f; int i; - if ((f = fopen (path, "w")) == NULL) + if ((f = fopen (path, "w")) == NULL) /* __FOPEN_CHECKED__ */ { addstr (strerror (errno)); addch ('\n'); diff --git a/pgpkey.c b/pgpkey.c index df7a15c4..b197f0b5 100644 --- a/pgpkey.c +++ b/pgpkey.c @@ -476,7 +476,7 @@ static pgp_key_t *pgp_select_key (pgp_key_t *keys, case OP_VERIFY_KEY: mutt_mktemp (tempfile); - if ((devnull = fopen ("/dev/null", "w")) == NULL) + if ((devnull = fopen ("/dev/null", "w")) == NULL) /* __FOPEN_CHECKED__ */ { mutt_perror _("Can't open /dev/null"); break; @@ -670,7 +670,7 @@ BODY *pgp_make_key_attachment (char *tempf) return NULL; } - if ((devnull = fopen ("/dev/null", "w")) == NULL) + if ((devnull = fopen ("/dev/null", "w")) == NULL) /* __FOPEN_CHECKED__ */ { mutt_perror _("Can't open /dev/null"); fclose (tempfp);
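Review bot: The failure branch in check_sec.sh exits before the cleanup line, so whenever unchecked calls are found the `fopen.XXXXXX` file created by mktemp stays in the working directory. Add `rm -f "$TMPFILE"` before the `exit 1` inside the braces, or install `trap 'rm -f "$TMPFILE"' 0` right after the mktemp line; quoting `$TMPFILE` in its other uses would also be safer. Since build-release now runs this script from the source tree, a leftover file could end up alongside the sources, though that depends on how the release is assembled, which is not shown here. The grep line is truncated in this rendering, so the pattern itself cannot be reviewed.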