76 lines
2.0 KiB
Diff
76 lines
2.0 KiB
Diff
From 56228352ca1509f1d6dc7300c21c23bb7e0c0b12 Mon Sep 17 00:00:00 2001
|
|
From: daisicheng <daisicheng@huawei.com>
|
|
Date: Thu, 18 Aug 2022 19:22:56 +0800
|
|
Subject: [PATCH 3/3] fix the possible file leakage problem in util/cipher.go
|
|
|
|
---
|
|
util/cipher.go | 37 +++++++++++++++++++++----------------
|
|
1 file changed, 21 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/util/cipher.go b/util/cipher.go
|
|
index c6fa555..193ca69 100644
|
|
--- a/util/cipher.go
|
|
+++ b/util/cipher.go
|
|
@@ -83,37 +83,42 @@ func DecryptRSA(data string, key *rsa.PrivateKey, h crypto.Hash) (string, error)
|
|
}
|
|
|
|
// GenRSAPublicKeyFile store public key from rsa key pair into local file
|
|
-func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) error {
|
|
- if exist, err := IsExist(path); err != nil {
|
|
- return err
|
|
+func GenRSAPublicKeyFile(key *rsa.PrivateKey, path string) (err error) {
|
|
+ var exist bool
|
|
+ if exist, err = IsExist(path); err != nil {
|
|
+ return
|
|
} else if exist {
|
|
- if err := os.Remove(path); err != nil {
|
|
+ if err = os.Remove(path); err != nil {
|
|
return errors.Errorf("failed to delete the residual key file: %v", err)
|
|
}
|
|
}
|
|
publicKey := &key.PublicKey
|
|
- stream, err := x509.MarshalPKIXPublicKey(publicKey)
|
|
+ var stream []byte
|
|
+ stream, err = x509.MarshalPKIXPublicKey(publicKey)
|
|
if err != nil {
|
|
- return err
|
|
+ return
|
|
}
|
|
block := &pem.Block{
|
|
Type: "RSA PUBLIC KEY",
|
|
Bytes: stream,
|
|
}
|
|
- file, err := os.Create(path)
|
|
+ var file *os.File
|
|
+ file, err = os.Create(path)
|
|
if err != nil {
|
|
- return err
|
|
+ return
|
|
}
|
|
- if err := os.Chmod(path, constant.DefaultReadOnlyFileMode); err != nil {
|
|
- return err
|
|
- }
|
|
- if err := pem.Encode(file, block); err != nil {
|
|
- return err
|
|
+ defer func() {
|
|
+ cErr := file.Close()
|
|
+ if cErr != nil && err == nil {
|
|
+ err = cErr
|
|
+ }
|
|
+ }()
|
|
+ if err = file.Chmod(constant.DefaultReadOnlyFileMode); err != nil {
|
|
+ return
|
|
}
|
|
- if cErr := file.Close(); cErr != nil {
|
|
- return cErr
|
|
+ if err = pem.Encode(file, block); err != nil {
|
|
+ return
|
|
}
|
|
-
|
|
return nil
|
|
}
|
|
|
|
--
|
|
2.33.0
|
|
|