diff --git a/file.c b/file.c index 31a937d..3831c54 100644 --- a/file.c +++ b/file.c @@ -221,7 +221,7 @@ rpc_file_write(struct ubus_context *ctx, struct ubus_object *obj, if (!tb[RPC_F_RW_PATH] || !tb[RPC_F_RW_DATA]) return UBUS_STATUS_INVALID_ARGUMENT; - if ((fd = open(blobmsg_data(tb[RPC_F_RW_PATH]), O_CREAT | O_TRUNC | O_WRONLY)) < 0) + if ((fd = open(blobmsg_data(tb[RPC_F_RW_PATH]), O_CREAT | O_TRUNC | O_WRONLY, 0666)) < 0) return rpc_errno_status(); if (write(fd, blobmsg_data(tb[RPC_F_RW_DATA]), blobmsg_data_len(tb[RPC_F_RW_DATA])) < 0) diff --git a/plugin.c b/plugin.c index b75241a..70d2c56 100644 --- a/plugin.c +++ b/plugin.c @@ -324,7 +324,9 @@ rpc_plugin_parse_exec(const char *name, int fd) if (!obj_type) return NULL; - asprintf((char **)&obj_type->name, "luci-rpc-plugin-%s", name); + if (asprintf((char **)&obj_type->name, "luci-rpc-plugin-%s", name) < 0) + return NULL; + obj_type->methods = methods; obj_type->n_methods = n_method; diff --git a/session.c b/session.c index b45d9fe..951201b 100644 --- a/session.c +++ b/session.c @@ -146,22 +146,28 @@ static const struct blobmsg_policy login_policy[__RPC_L_MAX] = { !fnmatch((_acl)->object, (_obj), FNM_NOESCAPE) && \ !fnmatch((_acl)->function, (_func), FNM_NOESCAPE)) -static void +static int rpc_random(char *dest) { unsigned char buf[16] = { 0 }; FILE *f; int i; + int ret; f = fopen("/dev/urandom", "r"); if (!f) - return; + return -1; - fread(buf, 1, sizeof(buf), f); + ret = fread(buf, 1, sizeof(buf), f); fclose(f); + if (ret < 0) + return ret; + for (i = 0; i < sizeof(buf); i++) sprintf(dest + (i<<1), "%02x", buf[i]); + + return 0; } static void @@ -316,7 +322,8 @@ rpc_session_create(int timeout) if (!ses) return NULL; - rpc_random(ses->id); + if (rpc_random(ses->id)) + return NULL; ses->timeout = timeout;