diff options
author | antirez <antirez@gmail.com> | 2016-07-29 11:28:16 +0200 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2016-07-29 11:28:16 +0200 |
commit | 9d524114eda67dedc38a9f97c9d5f3a5c3747829 (patch) | |
tree | debe790f2398bb5b3f0e4c4810c2ce9c4384a778 /deps/linenoise/linenoise.c | |
parent | 8966d4ca5e2d5376c1bfee326335e235d2bf762d (diff) | |
download | redis-9d524114eda67dedc38a9f97c9d5f3a5c3747829.tar.gz |
Update linenoise to fix insecure redis-cli history file creation.
The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.
Close #1418
Close #3322
Diffstat (limited to 'deps/linenoise/linenoise.c')
-rw-r--r-- | deps/linenoise/linenoise.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c index a807d9b8a..fce14a7c5 100644 --- a/deps/linenoise/linenoise.c +++ b/deps/linenoise/linenoise.c @@ -111,6 +111,7 @@ #include <string.h> #include <stdlib.h> #include <ctype.h> +#include <sys/stat.h> #include <sys/types.h> #include <sys/ioctl.h> #include <unistd.h> @@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) { /* Save the history in the specified file. On success 0 is returned * otherwise -1 is returned. */ int linenoiseHistorySave(const char *filename) { - FILE *fp = fopen(filename,"w"); + mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO); + FILE *fp; int j; + fp = fopen(filename,"w"); + umask(old_umask); if (fp == NULL) return -1; + chmod(filename,S_IRUSR|S_IWUSR); for (j = 0; j < history_len; j++) fprintf(fp,"%s\n",history[j]); fclose(fp); |