Update linenoise to fix insecure redis-cli history file creation.

The problem was fixed in antirez/linenoise repository applying a patch
contributed by @lamby. Here the new version is updated in the Redis
source tree.

Close #1418
Close #3322
This commit is contained in:
antirez 2016-07-29 11:28:16 +02:00
parent 7c6e288d76
commit 71536684a7

View File

@ -111,6 +111,7 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <ctype.h> #include <ctype.h>
#include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <unistd.h> #include <unistd.h>
@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) {
/* Save the history in the specified file. On success 0 is returned /* Save the history in the specified file. On success 0 is returned
* otherwise -1 is returned. */ * otherwise -1 is returned. */
int linenoiseHistorySave(const char *filename) { int linenoiseHistorySave(const char *filename) {
FILE *fp = fopen(filename,"w"); mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
FILE *fp;
int j; int j;
fp = fopen(filename,"w");
umask(old_umask);
if (fp == NULL) return -1; if (fp == NULL) return -1;
chmod(filename,S_IRUSR|S_IWUSR);
for (j = 0; j < history_len; j++) for (j = 0; j < history_len; j++)
fprintf(fp,"%s\n",history[j]); fprintf(fp,"%s\n",history[j]);
fclose(fp); fclose(fp);