From 8d7605670d53999139cd4c24f2ab55a0fae923b2 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Tue, 1 Feb 2022 08:39:27 +0100
Subject: [PATCH 1/6] ci/codeql: cleanup and use security-and-quality Queries

---
 .github/workflows/{codeql-analysis.yml => codeql.yml} | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
 rename .github/workflows/{codeql-analysis.yml => codeql.yml} (75%)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql.yml
similarity index 75%
rename from .github/workflows/codeql-analysis.yml
rename to .github/workflows/codeql.yml
index 1e40a4013..b821b035c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql.yml
@@ -7,11 +7,6 @@ jobs:
     name: CodeQL Analyze
     runs-on: ubuntu-latest
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'cpp' ]
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
@@ -19,7 +14,8 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:
-        languages: ${{ matrix.language }}
+        languages: cpp
+        queries: security-extended
 
     - run: make
 

From 9487879bbe81067b1fc9f719074442de06a83b4a Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Tue, 1 Feb 2022 09:54:12 +0100
Subject: [PATCH 2/6] sdp/media: fix possible uninitialized local format

---
 src/sdp/media.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sdp/media.c b/src/sdp/media.c
index 6bf909f20..3543409a2 100644
--- a/src/sdp/media.c
+++ b/src/sdp/media.c
@@ -258,7 +258,7 @@ struct sdp_media *sdp_media_find(const struct sdp_session *sess,
  */
 void sdp_media_align_formats(struct sdp_media *m, bool offer)
 {
-	struct sdp_format *rfmt, *lfmt;
+	struct sdp_format *rfmt, *lfmt = NULL;
 	struct le *rle, *lle;
 
 	if (!m || m->disabled || !sa_port(&m->raddr) || m->fmt_ignore)

From d07c13af937474607e6a6cd25b536ca93c0d3e79 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Tue, 1 Feb 2022 11:07:08 +0100
Subject: [PATCH 3/6] fmt/print: initialize pch

---
 src/fmt/print.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fmt/print.c b/src/fmt/print.c
index bf929d878..2cba356e4 100644
--- a/src/fmt/print.c
+++ b/src/fmt/print.c
@@ -163,7 +163,7 @@ static size_t local_ftoa(char *buf, double n, size_t dp)
 int re_vhprintf(const char *fmt, va_list ap, re_vprintf_h *vph, void *arg)
 {
 	uint8_t base, *bptr;
-	char pch, ch, num[NUM_SIZE], addr[64], msg[256];
+	char pch = 0, ch, num[NUM_SIZE], addr[64], msg[256];
 	enum length_modifier lenmod = LENMOD_NONE;
 	struct re_printf pf;
 	bool fm = false, plr = false;

From 0bad0d1a2ae803a66ba99051c57da7d96387d459 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Fri, 4 Feb 2022 11:24:40 +0100
Subject: [PATCH 4/6] sys: add secure fs_fopen()

---
 include/re_sys.h |  3 ++-
 src/sys/fs.c     | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/include/re_sys.h b/include/re_sys.h
index 09fd0c265..e53cc9af9 100644
--- a/include/re_sys.h
+++ b/include/re_sys.h
@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2010 Creytiv.com
  */
-
+#include <stdio.h>
 
 #ifndef VERSION
 #define VERSION "?"
@@ -73,3 +73,4 @@ int  fs_mkdir(const char *path, uint16_t mode);
 int  fs_gethome(char *path, size_t sz);
 bool fs_isdir(const char *path);
 bool fs_isfile(const char *file);
+int  fs_fopen(FILE **fp, const char *file, const char *mode);
diff --git a/src/sys/fs.c b/src/sys/fs.c
index 226bb2b27..17fe3b81d 100644
--- a/src/sys/fs.c
+++ b/src/sys/fs.c
@@ -155,3 +155,42 @@ bool fs_isfile(const char *file)
 
 	return true;
 }
+
+
+/**
+ * Open file with security enhancements (like fopen_s).
+ * The file is created with mode 0600 if it does not exist
+ *
+ * @param fp   FILE pointer for allocation
+ * @param file Pathname
+ * @param mode fopen mode
+ *
+ * @return 0 if success, otherwise errorcode
+ *
+ */
+int fs_fopen(FILE **fp, const char *file, const char *mode)
+{
+	FILE *pfile;
+	int fd;
+
+	if (!fp || !file || !mode)
+		return EINVAL;
+
+	if (fs_isfile(file))
+		goto fopen;
+
+	fd = open(file, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR);
+	if (!fd)
+		return errno;
+	else
+		(void)close(fd);
+
+fopen:
+	pfile = fopen(file, mode);
+	if (!pfile)
+		return errno;
+
+	*fp = pfile;
+
+	return 0;
+}

From 98642a410ee52aa95399560b44d222528b769acd Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Fri, 4 Feb 2022 11:29:46 +0100
Subject: [PATCH 5/6] trace: use secure fs_fopen()

---
 src/trace/trace.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/trace/trace.c b/src/trace/trace.c
index e02cd6fe5..ea3ac1eca 100644
--- a/src/trace/trace.c
+++ b/src/trace/trace.c
@@ -9,6 +9,7 @@
 #include <re_list.h>
 #include <re_tmr.h>
 #include <re_lock.h>
+#include <re_sys.h>
 
 #ifdef HAVE_PTHREAD
 #include <pthread.h>
@@ -108,11 +109,9 @@ int re_trace_init(const char *json_file)
 
 	lock_alloc(&trace.lock);
 
-	trace.f = fopen(json_file, "w+");
-	if (!trace.f) {
-		err = errno;
+	err = fs_fopen(&trace.f, json_file, "w+");
+	if (err)
 		goto out;
-	}
 
 	(void)re_fprintf(trace.f, "{\t\n\t\"traceEvents\": [\n");
 	(void)fflush(trace.f);

From 4e2f15192e80d97e353e909673c454907a427e74 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers <hallo@studio-link.de>
Date: Fri, 4 Feb 2022 11:33:08 +0100
Subject: [PATCH 6/6] dbg: use secure fs_fopen()

---
 src/dbg/dbg.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/dbg/dbg.c b/src/dbg/dbg.c
index 43366f1b4..f9005e0be 100644
--- a/src/dbg/dbg.c
+++ b/src/dbg/dbg.c
@@ -16,6 +16,7 @@
 #include <re_fmt.h>
 #include <re_list.h>
 #include <re_tmr.h>
+#include <re_sys.h>
 
 
 #define DEBUG_MODULE "dbg"
@@ -99,14 +100,16 @@ void dbg_close(void)
  */
 int dbg_logfile_set(const char *name)
 {
+	int err;
+
 	dbg_close();
 
 	if (!name)
 		return 0;
 
-	dbg.f = fopen(name, "a+");
-	if (!dbg.f)
-		return errno;
+	err = fs_fopen(&dbg.f, name, "a+");
+	if (err)
+		return err;
 
 	(void)re_fprintf(dbg.f, "\n===== Log Started: %H", fmt_gmtime, NULL);
 	(void)fflush(dbg.f);