baresip · sreimers · Feb 4, 2022 · Feb 1, 2022 · Feb 1, 2022 · Feb 1, 2022
diff --git a/.github/workflows/codeql-analysis.yml → .github/workflows/codeql.yml b/.github/workflows/codeql-analysis.yml → .github/workflows/codeql.yml
@@ -7,19 +7,15 @@ jobs:
     name: CodeQL Analyze
     runs-on: ubuntu-latest
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'cpp' ]
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:
-        languages: ${{ matrix.language }}
+        languages: cpp
+        queries: security-extended
 
     - run: make
 

diff --git a/include/re_sys.h b/include/re_sys.h
@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2010 Creytiv.com
  */
-
+#include <stdio.h>
 
 #ifndef VERSION
 #define VERSION "?"
@@ -73,3 +73,4 @@ int  fs_mkdir(const char *path, uint16_t mode);
 int  fs_gethome(char *path, size_t sz);
 bool fs_isdir(const char *path);
 bool fs_isfile(const char *file);
+int  fs_fopen(FILE **fp, const char *file, const char *mode);
diff --git a/src/dbg/dbg.c b/src/dbg/dbg.c
@@ -16,6 +16,7 @@
 #include <re_fmt.h>
 #include <re_list.h>
 #include <re_tmr.h>
+#include <re_sys.h>
 
 
 #define DEBUG_MODULE "dbg"
@@ -99,14 +100,16 @@ void dbg_close(void)
  */
 int dbg_logfile_set(const char *name)
 {
+	int err;
+
 	dbg_close();
 
 	if (!name)
 		return 0;
 
-	dbg.f = fopen(name, "a+");
-	if (!dbg.f)
-		return errno;
+	err = fs_fopen(&dbg.f, name, "a+");
+	if (err)
+		return err;
 
 	(void)re_fprintf(dbg.f, "\n===== Log Started: %H", fmt_gmtime, NULL);
 	(void)fflush(dbg.f);

diff --git a/src/fmt/print.c b/src/fmt/print.c
@@ -163,7 +163,7 @@ static size_t local_ftoa(char *buf, double n, size_t dp)
 int re_vhprintf(const char *fmt, va_list ap, re_vprintf_h *vph, void *arg)
 {
 	uint8_t base, *bptr;
-	char pch, ch, num[NUM_SIZE], addr[64], msg[256];
+	char pch = 0, ch, num[NUM_SIZE], addr[64], msg[256];
 	enum length_modifier lenmod = LENMOD_NONE;
 	struct re_printf pf;
 	bool fm = false, plr = false;

diff --git a/src/sdp/media.c b/src/sdp/media.c
@@ -258,7 +258,7 @@ struct sdp_media *sdp_media_find(const struct sdp_session *sess,
  */
 void sdp_media_align_formats(struct sdp_media *m, bool offer)
 {
-	struct sdp_format *rfmt, *lfmt;
+	struct sdp_format *rfmt, *lfmt = NULL;
 	struct le *rle, *lle;
 
 	if (!m || m->disabled || !sa_port(&m->raddr) || m->fmt_ignore)

diff --git a/src/sys/fs.c b/src/sys/fs.c
@@ -155,3 +155,42 @@ bool fs_isfile(const char *file)
 
 	return true;
 }
+
+
+/**
+ * Open file with security enhancements (like fopen_s).
+ * The file is created with mode 0600 if it does not exist
+ *
+ * @param fp   FILE pointer for allocation
+ * @param file Pathname
+ * @param mode fopen mode
+ *
+ * @return 0 if success, otherwise errorcode
+ *
+ */
+int fs_fopen(FILE **fp, const char *file, const char *mode)
+{
+	FILE *pfile;
+	int fd;
+
+	if (!fp || !file || !mode)
+		return EINVAL;
+
+	if (fs_isfile(file))
+		goto fopen;
+
+	fd = open(file, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR);
+	if (!fd)
+		return errno;
+	else
+		(void)close(fd);
+
+fopen:
+	pfile = fopen(file, mode);
+	if (!pfile)
+		return errno;
+
+	*fp = pfile;
+
+	return 0;
+}
diff --git a/src/trace/trace.c b/src/trace/trace.c
@@ -9,6 +9,7 @@
 #include <re_list.h>
 #include <re_tmr.h>
 #include <re_lock.h>
+#include <re_sys.h>
 
 #ifdef HAVE_PTHREAD
 #include <pthread.h>
@@ -108,11 +109,9 @@ int re_trace_init(const char *json_file)
 
 	lock_alloc(&trace.lock);
 
-	trace.f = fopen(json_file, "w+");
-	if (!trace.f) {
-		err = errno;
+	err = fs_fopen(&trace.f, json_file, "w+");
+	if (err)
 		goto out;
-	}
 
 	(void)re_fprintf(trace.f, "{\t\n\t\"traceEvents\": [\n");
 	(void)fflush(trace.f);