diff --git a/pam_kwallet.c b/pam_kwallet.c --- a/pam_kwallet.c +++ b/pam_kwallet.c @@ -16,6 +16,7 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * *************************************************************************************/ +#include #include #include #include @@ -64,6 +65,10 @@ #endif #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + #define KWALLET_PAM_KEYSIZE 56 #define KWALLET_PAM_SALTSIZE 56 #define KWALLET_PAM_ITERATIONS 50000 @@ -685,16 +690,21 @@ free(dir); char *salt = gcry_random_bytes(KWALLET_PAM_SALTSIZE, GCRY_STRONG_RANDOM); - FILE *fd = fopen(path, "w"); + int fd = open(path, O_WRONLY | O_TRUNC | O_CLOEXEC); //If the file can't be created - if (fd == NULL) { + if (fd == -1) { syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno)); exit(-2); } - fwrite(salt, KWALLET_PAM_SALTSIZE, 1, fd); - fclose(fd); + ssize_t wlen = write(fd, salt, KWALLET_PAM_SALTSIZE); + close(fd); + if (wlen != KWALLET_PAM_SALTSIZE) { + syslog(LOG_ERR, "%s: Short write to file: %s", logPrefix, path); + unlink(path); + exit(-2); + } exit(0); // success } @@ -742,19 +752,19 @@ return 1; } - FILE *fd = fopen(path, "r"); - if (fd == NULL) { + int fd = open(path, O_RDONLY | O_CLOEXEC); + if (fd == -1) { syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno)); free(path); return 1; } salt = (char*) malloc(KWALLET_PAM_SALTSIZE); memset(salt, '\0', KWALLET_PAM_SALTSIZE); - fread(salt, KWALLET_PAM_SALTSIZE, 1, fd); - fclose(fd); + ssize_t rlen = read(fd, salt, KWALLET_PAM_SALTSIZE); + close(fd); free(path); - if (salt == NULL) { + if (rlen != KWALLET_PAM_SALTSIZE) { syslog(LOG_ERR, "%s-kwalletd: Couldn't create or read the salt file", logPrefix); return 1; }