From: James Jones
Date: Tue, 18 Oct 2022 17:15:55 +0000 (-0500)
Subject: Annotate fs_check_call (CID #1271307) (#4778)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c96879bee6473452ea854af74dbc44f2f1e122a2;p=thirdparty%2Ffreeradius-server.git

Annotate fs_check_call (CID #1271307) (#4778)

The unlink() call (the use of the toctou) does check its return code. Also, it's not listed among the UseSet functions in "TOCTTOU Vulnerabilities in Unix-Style File Systems: An Anatomical Study", https://www.usenix.org/legacy/events/fast05/tech/full_papers/wei/wei.pdf

---
diff --git a/src/listen/control/proto_control_unix.c b/src/listen/control/proto_control_unix.c index 1669c02881a..97417e01c89 100644 --- a/src/listen/control/proto_control_unix.c +++ b/src/listen/control/proto_control_unix.c @@ -414,6 +414,7 @@ static int fr_server_domain_socket_peercred(char const *path, uid_t UNUSED uid, /* * Check the path. */ + /* coverity[fs_check_call] */ if (stat(path, &buf) < 0) { if (errno != ENOENT) { fr_strerror_printf("Failed to stat %s: %s", path, fr_syserror(errno));
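Review bot: the suppression comment `/* coverity[fs_check_call] */` added in front of `if (stat(path, &buf) < 0)` carries no rationale in the code itself, so anyone reading proto_control_unix.c later has to dig this commit message out of history to learn why the stat()-then-unlink() finding was judged a false positive. Suggest folding the justification into the existing `Check the path.` comment block directly above the annotation, e.g. `* Check the path. Coverity CID #1271307 reports a stat()/unlink() TOCTOU here; the later unlink() checks its return value and unlink() is not in the UseSet of Wei & Pu (FAST '05), so the finding is suppressed.` That keeps the suppression self-explaining and makes it obvious that the race itself is left in place by design rather than overlooked, which matters if the surrounding code is ever changed so that the unlink() result is no longer checked.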