Merge commit from fork
fix: OS error when setting CRL cache leads to denial of signature verification
shizhMSFT authored Nov 1, 2024
2 parents 82014a9 + 7d11fa2 commit e1b80e2
Showing 3 changed files with 17 additions and 10 deletions.
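--- a/internal/file/file.go
+++ b/internal/file/file.go
@@ -119,8 +119,15 @@ func TrimFileExtension(fileName string) string {
 
 // WriteFile writes content to a temporary file and moves it to path.
 // If path already exists and is a file, WriteFile overwrites it.
-func WriteFile(path string, content []byte) (writeErr error) {
-tempFile, err := os.CreateTemp("", tempFileNamePrefix)
+//
+// Parameters:
+// - tempDir is the directory to create the temporary file. It should be
+// in the same mount point as path. If tempDir is empty, the default
+// directory for temporary files is used.
+// - path is the destination file path.
+// - content is the content to write.
+func WriteFile(tempDir, path string, content []byte) (writeErr error) {
+tempFile, err := os.CreateTemp(tempDir, tempFileNamePrefix)
 if err != nil {
 return fmt.Errorf("failed to create temp file: %w", err)
 }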
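Review bot: The empty-`tempDir` fallback in the new `WriteFile` keeps the failure mode this commit is fixing: with `""`, `os.CreateTemp` stages the file in the system temp directory, and the later move to `path` can fail when that directory is on a different mount. Nothing enforces the "same mount point" requirement stated in the doc comment, so a future caller passing `""` would regress silently. Consider defaulting to the destination's directory, e.g. `if tempDir == "" { tempDir = filepath.Dir(path) }`, or removing the fallback so every caller has to choose. The rest of `WriteFile` (write, close, move and any cleanup of the temp file on failure) is outside the hunk and could not be checked here.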
14 changes: 7 additions & 7 deletions internal/file/file_test.go
@@ -30,7 +30,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}

@@ -52,7 +52,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}

@@ -87,7 +87,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}
// forbid reading
@@ -113,7 +113,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}
// forbid dest directory operation
@@ -139,7 +139,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}
// forbid writing to destTempDir
@@ -159,7 +159,7 @@ func TestCopyToDir(t *testing.T) {
if err := os.MkdirAll(filepath.Dir(filename), 0700); err != nil {
t.Fatal(err)
}
if err := WriteFile(filename, data); err != nil {
if err := WriteFile(tempDir, filename, data); err != nil {
t.Fatal(err)
}

@@ -192,7 +192,7 @@ func TestWriteFile(t *testing.T) {
if err != nil {
t.Fatal(err)
}
err = WriteFile(filepath.Join(tempDir, "testFile"), content)
err = WriteFile(tempDir, filepath.Join(tempDir, "testFile"), content)
if err == nil || !strings.Contains(err.Error(), "permission denied") {
t.Fatalf("expected permission denied error, but got %s", err)
}
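Review bot: The `TestWriteFile` case at the end of this section now passes the same `tempDir` both as the staging directory and as the parent of the destination, so if the setup above the hunk makes `tempDir` inaccessible, the "permission denied" error presumably comes from `os.CreateTemp` and the move-to-`path` failure is no longer exercised. None of the seven updated call sites tests the new parameter itself: there is no case for an empty `tempDir`, and none where the staging directory differs from the destination directory. A sub-test that stages in one directory and writes into another, plus one that passes `""`, would pin the behaviour the new doc comment promises. The enclosing test functions start and end outside these hunks.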
2 changes: 1 addition & 1 deletion verifier/crl/crl.go
@@ -144,7 +144,7 @@ func (c *FileCache) Set(ctx context.Context, url string, bundle *corecrl.Bundle)
if err != nil {
return fmt.Errorf("failed to store crl bundle in file cache: %w", err)
}
if err := file.WriteFile(filepath.Join(c.root, c.fileName(url)), contentBytes); err != nil {
if err := file.WriteFile(c.root, filepath.Join(c.root, c.fileName(url)), contentBytes); err != nil {
return fmt.Errorf("failed to store crl bundle in file cache: %w", err)
}
return nil
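Review bot: `Set` still returns the write error to its caller, so whether a cache-write failure can still block signature verification depends on code outside this hunk. Staging the temp file in `c.root` removes the cross-mount failure, but a read-only, missing or full cache directory would surface through the same return; it is worth confirming that the caller treats a failed `Set` as non-fatal, since the cache is an optimisation rather than a trust input. Separately, both error returns here use the identical message `failed to store crl bundle in file cache`, so the failure that precedes `contentBytes` and the file-write failure cannot be told apart in logs; something like `"failed to write crl bundle to file cache: %w"` for the second would help triage. The body of `Set` starts above the hunk.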
