X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frand%2Frandfile.c;h=942a963e836976b8c8c91f1f985501e9d9070977;hp=e1ed4e3a9812afd035df76c178ecd8d8d094177c;hb=a31011e8e0ea18f1cc79d7eb53238768ae9369c6;hpb=38899535f85784442395aeab921b25fc79266491;ds=inline

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index e1ed4e3a98..942a963e83 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -78,7 +78,7 @@
 #define BUFSIZE	1024
 #define RAND_DATA 1024
 
-/* #define RFILE ".rand" - defined in ../../e_os.h */
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
 
 int RAND_load_file(const char *file, long bytes)
 	{
@@ -119,7 +119,7 @@ int RAND_write_file(const char *file)
 	{
 	unsigned char buf[BUFSIZE];
 	int i,ret=0;
-	FILE *out;
+	FILE *out = NULL;
 	int n;
 
 	/* Under VMS, fopen(file, "wb") will create a new version of the
@@ -130,12 +130,22 @@ int RAND_write_file(const char *file)
 	out=fopen(file,"rb+");
 	if (out == NULL
 #ifdef ENOENT
- && errno == ENOENT
+	    && errno == ENOENT
 #endif
 	   )
 		{
 		errno = 0;
+#if defined O_CREAT && defined O_EXCL
+		/* chmod(..., 0600) is too late to protect the file,
+		 * permissions should be restrictive from the start */
+		{
+		    int fd = open(file, O_CREAT | O_EXCL, 0600);
+		    if (fd != -1)
+			out = fdopen(fd, "wb");
+		}
+#else		
 		out=fopen(file,"wb");
+#endif
 		}
 	if (out == NULL) goto err;
 #ifndef NO_CHMOD