isula-build/patch/0125-fix-the-possible-file-leakage-problem-in-util-cipher.patch

From 56228352ca1509f1d6dc7300c21c23bb7e0c0b12 Mon Sep 17 00:00:00 2001
From: daisicheng <daisicheng@huawei.com>
Date: Thu, 18 Aug 2022 19:22:56 +0800
Subject: [PATCH 3/3] fix the possible file leakage problem in util/cipher.go

---
 util/cipher.go | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/util/cipher.go b/util/cipher.go
index c6fa555..193ca69 100644
--- a/util/cipher.go
+++ b/util/cipher.go
@@ -83,37 +83,42 @@ func DecryptRSA(data string, key *rsa.PrivateKey, h crypto.Hash) (string, error)
 }
 
 // GenRSAPublicKeyFile store public key from rsa key pair into local file
-func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) error {
-	if exist, err := IsExist(path); err != nil {
-		return err
+func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) (err error) {
+	var exist bool
+	if exist, err = IsExist(path); err != nil {
+		return
 	} else if exist {
-		if err := os.Remove(path); err != nil {
+		if err = os.Remove(path); err != nil {
 			return errors.Errorf("failed to delete the residual key file: %v", err)
 		}
 	}
 	publicKey := &key.PublicKey
-	stream, err := x509.MarshalPKIXPublicKey(publicKey)
+	var stream []byte
+	stream, err = x509.MarshalPKIXPublicKey(publicKey)
 	if err != nil {
-		return err
+		return
 	}
 	block := &pem.Block{
 		Type:  "RSA PUBLIC KEY",
 		Bytes: stream,
 	}
-	file, err := os.Create(path)
+	var file *os.File
+	file, err = os.Create(path)
 	if err != nil {
-		return err
+		return
 	}
-	if err := os.Chmod(path, constant.DefaultReadOnlyFileMode); err != nil {
-		return err
-	}
-	if err := pem.Encode(file, block); err != nil {
-		return err
+	defer func() {
+		cErr := file.Close()
+		if cErr != nil && err == nil {
+			err = cErr
+		}
+	}()
+	if err = file.Chmod(constant.DefaultReadOnlyFileMode); err != nil {
+		return
 	}
-	if cErr := file.Close(); cErr != nil {
-		return cErr
+	if err = pem.Encode(file, block); err != nil {
+		return
 	}
-
 	return nil
 }
 
-- 
2.33.0
modify the Makefile and README document;add the constraints and limitations of the doc;fix the possible file leakage problem in util/cipher 2022-08-19 17:09:39 +08:00			`From 56228352ca1509f1d6dc7300c21c23bb7e0c0b12 Mon Sep 17 00:00:00 2001`
			`From: daisicheng <daisicheng@huawei.com>`
			`Date: Thu, 18 Aug 2022 19:22:56 +0800`
			`Subject: [PATCH 3/3] fix the possible file leakage problem in util/cipher.go`

			`---`
			`util/cipher.go \| 37 +++++++++++++++++++++----------------`
			`1 file changed, 21 insertions(+), 16 deletions(-)`

			`diff --git a/util/cipher.go b/util/cipher.go`
			`index c6fa555..193ca69 100644`
			`--- a/util/cipher.go`
			`+++ b/util/cipher.go`
			`@@ -83,37 +83,42 @@ func DecryptRSA(data string, key *rsa.PrivateKey, h crypto.Hash) (string, error)`
			`}`

			`// GenRSAPublicKeyFile store public key from rsa key pair into local file`
			`-func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) error {`
			`- if exist, err := IsExist(path); err != nil {`
			`- return err`
			`+func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) (err error) {`
			`+ var exist bool`
			`+ if exist, err = IsExist(path); err != nil {`
			`+ return`
			`} else if exist {`
			`- if err := os.Remove(path); err != nil {`
			`+ if err = os.Remove(path); err != nil {`
			`return errors.Errorf("failed to delete the residual key file: %v", err)`
			`}`
			`}`
			`publicKey := &key.PublicKey`
			`- stream, err := x509.MarshalPKIXPublicKey(publicKey)`
			`+ var stream []byte`
			`+ stream, err = x509.MarshalPKIXPublicKey(publicKey)`
			`if err != nil {`
			`- return err`
			`+ return`
			`}`
			`block := &pem.Block{`
			`Type: "RSA PUBLIC KEY",`
			`Bytes: stream,`
			`}`
			`- file, err := os.Create(path)`
			`+ var file *os.File`
			`+ file, err = os.Create(path)`
			`if err != nil {`
			`- return err`
			`+ return`
			`}`
			`- if err := os.Chmod(path, constant.DefaultReadOnlyFileMode); err != nil {`
			`- return err`
			`- }`
			`- if err := pem.Encode(file, block); err != nil {`
			`- return err`
			`+ defer func() {`
			`+ cErr := file.Close()`
			`+ if cErr != nil && err == nil {`
			`+ err = cErr`
			`+ }`
			`+ }()`
			`+ if err = file.Chmod(constant.DefaultReadOnlyFileMode); err != nil {`
			`+ return`
			`}`
			`- if cErr := file.Close(); cErr != nil {`
			`- return cErr`
			`+ if err = pem.Encode(file, block); err != nil {`
			`+ return`
			`}`
			`-`
			`return nil`
			`}`

			`--`
			`2.33.0`