authorKrzysztof Grobelny <krzysztof.grobelny@intel.com>2020-06-26 11:40:42 +0300
committerKurzynski, Zbigniew <zbigniew.kurzynski@intel.com>2020-07-06 16:02:12 +0300
commit1d453d987d5ece338aad08cee315fbacf179e692 (patch)
tree7438de03b69c1c7f274cc70cef172e638f933b38
parentc1dd28ebf57ee9bd9077007b52ebcaa70347f5e7 (diff)
VolatileFile security fix
- Flushing file content before deleting it TESTED: Tested manually, no regression detected. Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com> Change-Id: Id48ebb6edbb2c0f0fbf930c2be9a63dd1034b7cc
-rw-r--r--src/utils.hpp41
1 files changed, 23 insertions, 18 deletions
diff --git a/src/utils.hpp b/src/utils.hpp
index f4d2c02..961e1e5 100644
--- a/src/utils.hpp
+++ b/src/utils.hpp
@@ -181,20 +181,7 @@ class VolatileFile
~VolatileFile()
{
- // Purge file contents
- std::array<char, secretLimit> buf;
- buf.fill('*');
- std::ofstream file(filePath);
- std::size_t bytesWritten = 0, bytesToWrite = 0;
-
- while (bytesWritten < size)
- {
- bytesToWrite = std::min(secretLimit, (size - bytesWritten));
- file.write(buf.data(), bytesToWrite);
- bytesWritten += bytesToWrite;
- }
-
- // Remove leftover file
+ purgeFileContents();
fs::remove(filePath);
}
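Review bot: The destructor still calls the throwing overload `fs::remove(filePath)`, and destructors are implicitly `noexcept`, so a filesystem error here (assuming `fs` aliases `std::filesystem`) would end in `std::terminate` rather than a recoverable failure. I would switch to the non-throwing form, `std::error_code ec; fs::remove(filePath, ec);`, and log when `ec` is set so a secret file left on disk is visible to operators. The rest of `VolatileFile` is outside this hunk, so I cannot tell whether a logging helper is already in scope.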
@@ -206,16 +193,34 @@ class VolatileFile
private:
static void create(const std::string& filePath, const Buffer& data)
{
- // Create file
std::ofstream file(filePath);
+ limitPermissionsToOwnerOnly(filePath);
+ file.write(data->data(), data->size());
+ }
- // Limit permissions to owner only
+ static void limitPermissionsToOwnerOnly(const std::string& filePath)
+ {
fs::permissions(filePath,
fs::perms::owner_read | fs::perms::owner_write,
fs::perm_options::replace);
+ }
- // Write contents
- file.write(data->data(), data->size());
+ void purgeFileContents()
+ {
+ if (std::ofstream file(filePath); file)
+ {
+ std::array<char, secretLimit> buf;
+ buf.fill('*');
+
+ std::size_t bytesWritten = 0;
+ while (bytesWritten < size)
+ {
+ std::size_t bytesToWrite =
+ std::min(secretLimit, (size - bytesWritten));
+ file.write(buf.data(), bytesToWrite);
+ bytesWritten += bytesToWrite;
+ }
+ }
}
const std::string filePath;
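Review bot: In `purgeFileContents`, `std::ofstream file(filePath)` opens with the default `std::ios::out` mode, which truncates the file before the `*` fill is written. The original data blocks are therefore released rather than overwritten, and the fill may land on freshly allocated blocks. Opening without truncation keeps the overwrite on the existing file: `if (std::ofstream file(filePath, std::ios::in | std::ios::out | std::ios::binary); file)`. It is also worth checking the stream state after the loop and calling `file.flush()`, because the stream destructor only hands the data to the OS; whether the old blocks are really replaced still depends on the filesystem and storage. Separately, in `create` the file exists with umask-default permissions between `std::ofstream file(filePath)` and `limitPermissionsToOwnerOnly(filePath)`, so a handle opened in that window would outlive the permission change; creating the file with owner-only mode from the start would close that gap.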