From: Christian Göttsche <cgzones@googlemail.com>
Date: Tue, 28 Feb 2023 15:05:09 +0000 (+0100)
Subject: lib/tcbfuncs: operate on file descriptor rather than path
X-Git-Tag: 4.15.0-rc1~226
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1aaa4ec5ba8c59130ebe28d3e0f5c9121f86d8c7;p=thirdparty%2Fshadow.git

lib/tcbfuncs: operate on file descriptor rather than path
---

diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c
index 7f96ee681..b5915fcd2 100644
--- a/lib/tcbfuncs.c
+++ b/lib/tcbfuncs.c
@@ -527,7 +527,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 	struct stat tcbdir_stat;
 	gid_t shadowgid, authgid;
 	struct group *gr;
-	int fd;
+	int fd = -1;
 	shadowtcb_status ret = SHADOWTCB_FAILURE;
 
 	if (!getdef_bool ("USE_TCB")) {
@@ -566,14 +566,13 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 		         shadow_progname, shadow, strerror (errno));
 		goto out_free;
 	}
-	close (fd);
-	if (chown (shadow, 0, authgid) != 0) {
+	if (fchown (fd, 0, authgid) != 0) {
 		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         shadow_progname, shadow, strerror (errno));
 		goto out_free;
 	}
-	if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
+	if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
 		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         shadow_progname, shadow, strerror (errno));
@@ -597,6 +596,8 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 	}
 	ret = SHADOWTCB_SUCCESS;
 out_free:
+	if (fd != -1)
+		close(fd);
 	free (dir);
 	free (shadow);
 	return ret;