lib: chdir to / after chroot

author Aki Tuomi <aki.tuomi@dovecot.fi>

Thu, 14 Sep 2017 10:34:22 +0000 (13:34 +0300)

committer Timo Sirainen <tss@dovecot.fi>

Thu, 14 Sep 2017 11:23:46 +0000 (14:23 +0300)
author Aki Tuomi <aki.tuomi@dovecot.fi>
Thu, 14 Sep 2017 10:34:22 +0000 (13:34 +0300)
committer Timo Sirainen <tss@dovecot.fi>
Thu, 14 Sep 2017 11:23:46 +0000 (14:23 +0300)
diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c

index 7caf7f64feb5b920ab9963e0f8c7703510e5fdd5..7441cef11f769d61c52bcc903e80203a390ca395 100644 (file)
--- a/src/lib/restrict-access.c
+++ b/src/lib/restrict-access.c
@@ -325,18 +325,17 @@ void restrict_access(const struct restrict_access_settings *set,
  
                 if (chroot(set->chroot_dir) != 0)
                         i_fatal("chroot(%s) failed: %m", set->chroot_dir);
+               /* makes static analyzers happy, and is more secure */
+               if (chdir("/") != 0)
+                       i_fatal("chdir(/) failed: %m");
+
                 chroot_dir = i_strdup(set->chroot_dir);
  
                 if (home != NULL) {
                         if (chdir(home) < 0) {
                                 i_error("chdir(%s) failed: %m", home);
-                               home = NULL;
                         }
                 }
-               if (home == NULL) {
-                       if (chdir("/") != 0)
-                               i_fatal("chdir(/) failed: %m");
-               }
         }
  
         /* uid last */
author	Aki Tuomi <aki.tuomi@dovecot.fi>
	Thu, 14 Sep 2017 10:34:22 +0000 (13:34 +0300)
committer	Timo Sirainen <tss@dovecot.fi>
	Thu, 14 Sep 2017 11:23:46 +0000 (14:23 +0300)