Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tool: dump headers even if file is write-only #10675

Closed
wants to merge 1 commit into from

Conversation

algorythmic
Copy link
Contributor

@algorythmic algorythmic commented Mar 4, 2023

The fixes in #10079 brought a (seemingly unrelated) change of open mode from wb/ab to wb+/ab+ for the headerfile. This makes it no longer possible to write the header file to e.g. a pipe, like:

curl -D >(grep ...) file:///dev/null

Which presently results in Warning: Failed to open /dev/fd/63

See #10079
Closes #10675

The fixes in curl#10079 brought a (seemingly unrelated) change of open mode
from `wb`/`ab` to `wb+`/`ab+` for the headerfile. This makes it no
longer possible to write the header file to e.g. a pipe, like:

    curl -D >(grep ...) file:///dev/null

Which presently results in `Warning: Failed to open /dev/fd/63`

See curl#10079
Closes curl#10675
@@ -983,11 +983,11 @@
* for every transfer.
*/
if(!per->prev || per->prev->config != config) {
newfile = fopen(config->headerfile, "wb+");
newfile = fopen(config->headerfile, "wb");

Check failure

Code scanning / CodeQL

File created without restricting permissions

A file may be created here with mode 0666, which would make it world-writable.
if(newfile)
fclose(newfile);
}
newfile = fopen(config->headerfile, "ab+");
newfile = fopen(config->headerfile, "ab");

Check failure

Code scanning / CodeQL

File created without restricting permissions

A file may be created here with mode 0666, which would make it world-writable.
@bagder
Copy link
Member

bagder commented Mar 6, 2023

Thanks!

@bagder bagder closed this in 1dd9296 Mar 6, 2023
bch pushed a commit to bch/curl that referenced this pull request Jul 19, 2023
The fixes in curl#10079 brought a (seemingly unrelated) change of open mode
from `wb`/`ab` to `wb+`/`ab+` for the headerfile. This makes it no
longer possible to write the header file to e.g. a pipe, like:

    curl -D >(grep ...) file:///dev/null

Which presently results in `Warning: Failed to open /dev/fd/63`

See curl#10079
Closes curl#10675
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

None yet

2 participants