[openssl-dev] [openssl.org #1520] request for checking if -in and -out files are same
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Jun 14 15:45:35 UTC 2015
On Sun, Jun 14, 2015 at 02:55:05AM +0000, Rich Salz via RT wrote:
> One possiblity is open in exclusive mode. The problem is that O_EXCL is only
> part of open(2), not fopen(3). And we have to use fopen() because we need the
> "b" mode for binary output on platforms that require it. So I don't think that
> will work, either.
This is not the right approach anyway. To avoid clobbering the
input file we need to avoid overwriting just that particular file,
not any already existing file. It must be possible to use "-out"
to overwrite existing files.
A more critical deficiencydefects in how output is written by the
software in apps/ is:
* Private key output files are created with "0666" permissions
modulo umask. They should be created with "0600" permissions.
I've never run into a situation where the output file I want to
write to is also an input to the command in question. What's your
use-case?
As for "b" mode and the like, that can be handled with fdopen(3)
after open(2). To check wether an output file is one of the input
files, open it for write without truncation, then check with fstat()
whether it is one of the input files, and if not truncate, otherwise
bail out. Still what problem are we trying to solve here?
--
Viktor.
More information about the openssl-dev
mailing list