Merge pull request nasa#55 from skliper/fix54-file-permissions

Fix nasa#54, Restrict destination file permissions
ArielSAdamsNASA · Aug 27, 2020 · 3c3c957 · 3c3c957
2 parents 5d19e3e + 6b6afc1
commit 3c3c957
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/elf2cfetbl.c b/elf2cfetbl.c
@@ -1441,6 +1441,8 @@ int32 OpenSrcFile(void)
 
 int32 OpenDstFile(void)
 {
+    struct stat dststat;
+
     // Check to see if output file can be opened and written
     DstFileDesc = fopen(DstFilename, "w");
 
@@ -1450,6 +1452,17 @@ int32 OpenDstFile(void)
         return FAILED;
     }
 
+    /* Fix file if too permissive (CWE-732) */
+    if (stat(DstFilename, &dststat) == 0)
+    {
+        if (Verbose)
+            printf("%s: Destination file permissions after open = 0x%X\n", DstFilename, dststat.st_mode);
+        chmod(DstFilename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
+        stat(DstFilename, &dststat);
+        if (Verbose)
+            printf("%s: Destination file permissions after chmod = 0x%X\n", DstFilename, dststat.st_mode);
+    }
+
     return SUCCESS;
 }