From 9d24c966c3175df28340d83342e565f1824fe228 Mon Sep 17 00:00:00 2001
From: Gabriel Kihlman
Date: Wed, 15 May 2019 12:50:05 +0200
Subject: [PATCH] Avoid potentially following a symlink with open()
---
 ykpamcfg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ykpamcfg.c b/ykpamcfg.c
index f5a4eced..fec19b14 100644
--- a/ykpamcfg.c
+++ b/ykpamcfg.c
@@ -250,7 +250,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
 umask(077);
- fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NOFOLLOW | O_NOCTTY, S_IRUSR | S_IWUSR);
 if (fd < 0) {
 fprintf (stderr, "Failed to open '%s' for writing: %s\n", fn, strerror (errno));
 goto out;
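Review bot: O_NOFOLLOW on the open() call only refuses a symlink in the final component of `fn`, so a pre-existing regular file or hard link at that path is still opened and truncated, and symlinked parent directories are still traversed. Because the `S_IRUSR | S_IWUSR` mode applies only when the file is created, an existing file keeps its owner and permissions, and whatever is written afterwards lands in it. If overwriting is not required here (the code that builds `fn` is outside the hunk, so this is an assumption), replacing `O_TRUNC` with `O_EXCL` makes creation atomic: `fd = open (fn, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC | O_NOFOLLOW | O_NOCTTY, S_IRUSR | S_IWUSR);`. Otherwise an `fstat(fd, &st)` check after the open that requires `S_ISREG(st.st_mode)`, `st.st_uid == geteuid()` and `st.st_nlink == 1` before writing would cover the same case. do_add_hmac_chalresp starts and ends outside the hunk.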