From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 17 Sep 2025 20:27:37 +0000 (+0200)
Subject: core/exec-credential: use CLEANUP_TMPFILE_AT
X-Git-Tag: v259-rc1~537
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9bec72c94fa99a792755079d931edb2cb4df523d;p=thirdparty%2Fsystemd.git

core/exec-credential: use CLEANUP_TMPFILE_AT
---

diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index 5e2bc8edd97..f7f388c2c01 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -336,40 +336,35 @@ static int write_credential(
         if (fd < 0)
                 return -errno;
 
+        CLEANUP_TMPFILE_AT(dfd, tmp);
+
         r = loop_write(fd, data, size);
         if (r < 0)
-                goto fail;
+                return r;
 
         r = RET_NERRNO(fchmod(fd, 0400)); /* Take away "w" bit */
         if (r < 0)
-                goto fail;
+                return r;
 
         if (uid_is_valid(uid) && uid != getuid()) {
                 r = fd_add_uid_acl_permission(fd, uid, ACL_READ);
-                if (r < 0) {
-                        /* Ideally we use ACLs, since we can neatly express what we want to express:
-                         * the user gets read access and nothing else. But if the backing fs can't
-                         * support that (e.g. ramfs), then we can use file ownership instead. But that's
-                         * only safe if we can then re-mount the whole thing read-only, so that the user
-                         * can no longer chmod() the file to gain write access. */
-                        if (!ownership_ok || (!ERRNO_IS_NOT_SUPPORTED(r) && !ERRNO_IS_PRIVILEGE(r)))
-                                goto fail;
-
+                /* Ideally we use ACLs, since we can neatly express what we want to express:
+                 * the user gets read access and nothing else. But if the backing fs can't
+                 * support that (e.g. ramfs), then we can use file ownership instead. But that's
+                 * only safe if we can then re-mount the whole thing read-only, so that the user
+                 * can no longer chmod() the file to gain write access. */
+                if ((ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r)) && ownership_ok)
                         r = RET_NERRNO(fchown(fd, uid, gid));
-                        if (r < 0)
-                                goto fail;
-                }
+                if (r < 0)
+                        return r;
         }
 
         r = RET_NERRNO(renameat(dfd, tmp, dfd, id));
         if (r < 0)
-                goto fail;
+                return r;
 
+        tmp = mfree(tmp); /* disarm CLEANUP_TMPFILE_AT() */
         return 0;
-
-fail:
-        (void) unlinkat(dfd, tmp, /* flags = */ 0);
-        return r;
 }
 
 typedef enum CredentialSearchPath {