2 files changed, 23 insertions, 10 deletions

diff --git a/usr.bin/vi/common/exf.c b/usr.bin/vi/common/exf.c
index 333c495d27f..d2b361d9f8b 100644
--- a/usr.bin/vi/common/exf.c
+++ b/usr.bin/vi/common/exf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exf.c,v 1.12 2001/01/29 01:58:29 niklas Exp $	*/
+/*	$OpenBSD: exf.c,v 1.13 2001/06/18 21:39:25 millert Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993, 1994
@@ -189,9 +189,14 @@ file_init(sp, frp, rcv_name, flags)
 			goto err;
 		(void)snprintf(tname, sizeof(tname),
 		    "%s/vi.XXXXXX", O_STR(sp, O_DIRECTORY));
-		if ((fd = mkstemp(tname)) == -1) {
+		fd = mkstemp(tname);
+		if (fd == -1 || fchmod(fd, S_IRUSR | S_IWUSR) == -1) {
 			msgq(sp, M_SYSERR,
 			    "237|Unable to create temporary file");
+			if (fd != -1) {
+				close(fd);
+				(void)unlink(tname);
+			}
 			goto err;
 		}
 		(void)close(fd);
@@ -1129,7 +1134,12 @@ file_backup(sp, name, bname)
 		flags = O_TRUNC;
 	} else
 		flags = O_CREAT | O_EXCL;
-	if ((wfd = open(wfname, flags | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) {
+	if ((wfd = open(wfname, flags | O_WRONLY, S_IRUSR | S_IWUSR)) < 0 ||
+	    fchmod(wfd, S_IRUSR | S_IWUSR) < 0) {
+		if (wfd != -1) {
+			close(wfd);
+			(void)unlink(wfname);
+		}
 		estr = bname;
 		goto err;
 	}
diff --git a/usr.bin/vi/common/recover.c b/usr.bin/vi/common/recover.c
index a61685dd2b2..2b47562da48 100644
--- a/usr.bin/vi/common/recover.c
+++ b/usr.bin/vi/common/recover.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: recover.c,v 1.6 2001/05/28 22:41:35 pvalchev Exp $	*/
+/*	$OpenBSD: recover.c,v 1.7 2001/06/18 21:39:26 millert Exp $	*/
 
 /*-
  * Copyright (c) 1993, 1994
@@ -837,16 +837,19 @@ rcv_mktemp(sp, path, dname, perms)
 	 * !!!
 	 * We expect mkstemp(3) to set the permissions correctly.  On
 	 * historic System V systems, mkstemp didn't.  Do it here, on
-	 * GP's.
+	 * GP's.  This also protects us from users with stupid umasks.
 	 *
 	 * XXX
-	 * The variable perms should really be a mode_t, and it would
-	 * be nice to use fchmod(2) instead of chmod(2), here.
+	 * The variable perms should really be a mode_t.
 	 */
-	if ((fd = mkstemp(path)) == -1)
+	if ((fd = mkstemp(path)) == -1 || fchmod(fd, perms) == -1) {
 		msgq_str(sp, M_SYSERR, dname, "%s");
-	else
-		(void)chmod(path, perms);
+		if (fd != -1) {
+			close(fd);
+			unlink(path);
+			fd = -1;
+		}
+	}
 	return (fd);
 }