From 60dd23ab8f5d772bee38200395e54d640499d443 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?=
Date: Wed, 13 Jan 2016 00:19:20 +0100
Subject: [PATCH] Make writing files a bit safer
Especially configuration files.
---
liberty.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/liberty.c b/liberty.c
index 9d5efd3..62eab4e 100644
--- a/liberty.c
+++ b/liberty.c
@@ -3379,11 +3379,11 @@ write_file (const char *filename, const struct str *data, struct error **e)
return false;
}
- errno = 0;
fwrite (data->str, data->len, 1, fp);
+ bool success = !ferror (fp) && !fflush (fp) && !fsync (fileno (fp));
fclose (fp);
- if (errno)
+ if (!success)
{
error_set (e, "writing to `%s' failed: %s", filename, strerror (errno));
return false;
@@ -3391,6 +3391,22 @@ write_file (const char *filename, const struct str *data, struct error **e)
return true;
}
+/// Wrapper for write_file() that makes sure that the new data has been written
+/// to disk in its entirety before overriding the old file
+static bool
+write_file_safe (const char *filename, const struct str *data, struct error **e)
+{
+ // XXX: ideally we would also open the directory, use *at() versions
+ // of functions and call fsync() on the directory as appropriate
+ char *temp = xstrdup_printf ("%s.new", filename);
+ bool success = write_file (temp, data, e);
+ if (success && !(success = !rename (temp, filename)))
+ error_set (e, "could not rename `%s' to `%s': %s",
+ temp, filename, strerror (errno));
+ free (temp);
+ return success;
+}
+
// --- Simple configuration ----------------------------------------------------
// The keys are stripped of surrounding whitespace, the values are not.
@@ -3482,7 +3498,7 @@ write_configuration_file (const char *path_hint, const struct str *data,
str_append (&path, "/" PROGRAM_NAME "/" PROGRAM_NAME ".conf");
}
- if (!write_file (path.str, data, e))
+ if (!write_file_safe (path.str, data, e))
{
str_free (&path);
return NULL;