From da73c2804b3ca962fa51473bb4c303a5ed32d4a1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 16 Oct 2018 18:20:12 +0200
Subject: trust: Set umask before calling mkstemp

---
 trust/save.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'trust')

diff --git a/trust/save.c b/trust/save.c
index 8184e13..bb77348 100644
--- a/trust/save.c
+++ b/trust/save.c
@@ -95,6 +95,7 @@ p11_save_open_file (const char *path,
 {
 	p11_save_file *file;
 	char *temp;
+	mode_t mode;
 	int fd;
 
 	return_val_if_fail (path != NULL, NULL);
@@ -105,7 +106,9 @@ p11_save_open_file (const char *path,
 	if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0)
 		return_val_if_reached (NULL);
 
+	mode = umask (0077);
 	fd = mkstemp (temp);
+	umask (mode);
 	if (fd < 0) {
 		p11_message_err (errno, "couldn't create file: %s%s", path, extension);
 		free (temp);
-- 
cgit v1.1