Update linenoise to fix insecure redis-cli history file creation.

The problem was fixed in antirez/linenoise repository applying a patch contributed by @lamby. Here the new version is updated in the Redis source tree. Close #1418 Close #3322
author: antirez <antirez@gmail.com> 2016-07-29 11:28:16 +0200
committer: antirez <antirez@gmail.com> 2016-07-29 11:28:16 +0200
commit: 9d524114eda67dedc38a9f97c9d5f3a5c3747829 (patch)
tree: debe790f2398bb5b3f0e4c4810c2ce9c4384a778 /deps/linenoise
parent: 8966d4ca5e2d5376c1bfee326335e235d2bf762d (diff)
download: redis-9d524114eda67dedc38a9f97c9d5f3a5c3747829.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c
index a807d9b8a..fce14a7c5 100644
--- a/deps/linenoise/linenoise.c
+++ b/deps/linenoise/linenoise.c
@@ -111,6 +111,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <unistd.h>
@@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) {
 /* Save the history in the specified file. On success 0 is returned
  * otherwise -1 is returned. */
 int linenoiseHistorySave(const char *filename) {
-    FILE *fp = fopen(filename,"w");
+    mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
+    FILE *fp;
     int j;
 
+    fp = fopen(filename,"w");
+    umask(old_umask);
     if (fp == NULL) return -1;
+    chmod(filename,S_IRUSR|S_IWUSR);
     for (j = 0; j < history_len; j++)
         fprintf(fp,"%s\n",history[j]);
     fclose(fp);
author	antirez <antirez@gmail.com>	2016-07-29 11:28:16 +0200
committer	antirez <antirez@gmail.com>	2016-07-29 11:28:16 +0200
commit	9d524114eda67dedc38a9f97c9d5f3a5c3747829 (patch)
tree	debe790f2398bb5b3f0e4c4810c2ce9c4384a778 /deps/linenoise
parent	8966d4ca5e2d5376c1bfee326335e235d2bf762d (diff)
download	redis-9d524114eda67dedc38a9f97c9d5f3a5c3747829.tar.gz