File remove-umask.patch of Package rrdtool.22435

From f1edd121add94fe69ac22d991748d289b5eb76ae Mon Sep 17 00:00:00 2001
From: Tobias Oetiker <tobi@oetiker.ch>
Date: Sun, 11 Jun 2017 17:19:05 +0200
Subject: [PATCH] Remove all occurances of umask ... this is NOT thread safe!
 Fix for #794.

---
 doc/rrdcreate.pod |  6 ++++++
 src/rrd_create.c  | 18 +++++++-----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/doc/rrdcreate.pod b/doc/rrdcreate.pod
index f2e545d4..cb84c53d 100644
--- a/doc/rrdcreate.pod
+++ b/doc/rrdcreate.pod
@@ -743,6 +743,12 @@ divides each PDP of the AccumDuration by the corresponding PDP of
 TotalRequests and stores the average request duration. The remainder of the
 RPN expression handles the divide by zero case.
 
+=head1 SECURITY
+
+Note that new rrd files will have the permission 0622 regarless of your
+umask setting. If a file with the same name previously exists, its
+permission settings will be copied to the new file.
+
 =head1 AUTHORS
 
 Tobias Oetiker E<lt>tobi@oetiker.chE<gt>, Peter Stamfest E<lt>peter@stamfest.atE<gt>
diff --git a/src/rrd_create.c b/src/rrd_create.c
index 536b1f10..7be6bcf7 100644
--- a/src/rrd_create.c
+++ b/src/rrd_create.c
@@ -4,6 +4,7 @@
  * rrd_create.c  creates new rrds
  *****************************************************************************/
 
+#include "mutex.h"
 #include <stdlib.h>
 #include <time.h>
 #include <locale.h>
@@ -1315,10 +1316,10 @@ static int rrd_init_data(rrd_t *rrd)
     return rc;
 }
 
+
 int write_rrd(const char *outfilename, rrd_t *out) {
     int rc = -1;
     char *tmpfilename = NULL;
-    mode_t saved_umask;
 
     /* write out the new file */
 #ifdef HAVE_LIBRADOS
@@ -1343,10 +1344,10 @@ int write_rrd(const char *outfilename, rrd_t *out) {
 	strcpy(tmpfilename, outfilename);
 	strcat(tmpfilename, "XXXXXX");
 	
-	/* fix CWE-377 */
-	saved_umask = umask(S_IRUSR|S_IWUSR);
+        /* this is 0600 according to the manual page */        
 	int tmpfd = mkstemp(tmpfilename);
-	umask(saved_umask);
+
+	
 	if (tmpfd < 0) {
 	    rrd_set_error("Cannot create temporary file");
 	    goto done;
@@ -1379,13 +1380,8 @@ int write_rrd(const char *outfilename, rrd_t *out) {
                 stat_buf.st_mode = _S_IREAD | _S_IWRITE;  // have to test it is 
 #else
 		/* an error occurred (file not found, maybe?). Anyway:
-		   set the mode to 0666 using current umask */
-		stat_buf.st_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
-		
-		mode_t mask = umask(0);
-		umask(mask);
-
-		stat_buf.st_mode &= ~mask;
+		   set the mode to 0644 using current umask */
+		stat_buf.st_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
 #endif                
 	    }
 	    if (chmod(tmpfilename, stat_buf.st_mode) != 0) {