lib/path: add NULL checks for path in statx and access

Coverity warns that *at() libc functions (faccessat, statx) have pathname
marked as nonnull. Add explicit runtime NULL checks returning -EINVAL
instead of using __attribute__((nonnull)) into include/path.h to maintain
runtime safety for suid code.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/lib/path.c b/lib/path.c
index 674f74fd2f90bdd539150d3ad5895e5106df969e..6ce8a10d2dd035432a4701e0f38c1120578028f0 100644 (file)
--- a/lib/path.c
+++ b/lib/path.c
@@ -306,6 +306,8 @@ int ul_path_access(struct path_cxt *pc, int mode, const char *path)
 {
        int rc;
 
+       if (!path)
+               return -EINVAL;
        if (!pc) {
                rc = access(path, mode);
                DBG(CXT, ul_debug("access '%s' [no context, rc=%d]", path, rc));
@@ -313,7 +315,7 @@ int ul_path_access(struct path_cxt *pc, int mode, const char *path)
                int dir = ul_path_get_dirfd(pc);
                if (dir < 0)
                        return dir;
-               if (path && *path == '/')
+               if (*path == '/')
                        path++;
 
                rc = faccessat(dir, path, mode, 0);
@@ -340,6 +342,9 @@ int ul_path_accessf(struct path_cxt *pc, int mode, const char *path, ...)
        return !p ? -errno : ul_path_access(pc, mode, p);
 }
 
+/*
+ * If @path is NULL, then stat() is called for the directory itself addressed by @pc.
+ */
 int ul_path_stat(struct path_cxt *pc, struct stat *sb, int flags, const char *path)
 {
        int rc;
@@ -389,18 +394,24 @@ int ul_path_statf(struct path_cxt *pc, struct stat *sb, int flags, const char *p
        return rc;
 }
 #ifdef HAVE_STATX
+/*
+* This function follows the semantics of statx(). To call statx() for the directory
+* itself addressed by @pc, use an empty string and the AT_EMPTY_PATH @flag.
+*/
 int ul_path_statx(struct path_cxt *pc, struct statx *stx, int flags, unsigned int mask,
                  const char *path)
 {
        int rc;
 
+       if (!path)
+               return -EINVAL;
        if (!pc)
                rc = path ? statx(AT_FDCWD, path, flags, mask, stx) : - EINVAL;
        else {
                int dir = ul_path_get_dirfd(pc);
                if (dir < 0)
                        return dir;
-               if (path && *path == '/')
+               if (*path == '/')
                        path++;
 
                rc = statx(dir, path, flags, mask, stx);