577b79db7e
- Rebase on upstream f56a72ac9e86 - sepolicy: fix sepolicy manpage -w - sandbox: add -R option to alternate XDG_RUNTIME_DIR - Remove dependency on the Python module distutils
50 lines
1.7 KiB
Diff
50 lines
1.7 KiB
Diff
From 6d02b2fa29954e239721907e1fce238f25ea4f2f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Fri, 20 May 2022 15:19:52 +0200
|
|
Subject: [PATCH] semodule: avoid toctou on output module
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
Content-type: text/plain
|
|
|
|
Do not check for file existence and open afterwards, open with the
|
|
exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
|
|
in C11).
|
|
|
|
Found by GitHub CodeQL.
|
|
|
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
---
|
|
policycoreutils/semodule/semodule.c | 13 +++++--------
|
|
1 file changed, 5 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
index 1ed8e69054e0..48bc28dd0973 100644
|
|
--- a/policycoreutils/semodule/semodule.c
|
|
+++ b/policycoreutils/semodule/semodule.c
|
|
@@ -550,15 +550,12 @@ int main(int argc, char *argv[])
|
|
goto cleanup_extract;
|
|
}
|
|
|
|
- if (access(output_path, F_OK) == 0) {
|
|
- fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
|
|
- result = -1;
|
|
- goto cleanup_extract;
|
|
- }
|
|
-
|
|
- output_fd = fopen(output_path, "w");
|
|
+ output_fd = fopen(output_path, "wx");
|
|
if (output_fd == NULL) {
|
|
- fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
|
|
+ if (errno == EEXIST)
|
|
+ fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
|
|
+ else
|
|
+ fprintf(stderr, "%s: Unable to open %s: %s\n", argv[0], output_path, strerror(errno));
|
|
result = -1;
|
|
goto cleanup_extract;
|
|
}
|
|
--
|
|
2.38.1
|
|
|