From d569122a8c5f9943e1842b5b776a8b1f84182f18 Mon Sep 17 00:00:00 2001 From: Kamalesh Babulal Date: Mon, 29 Aug 2022 15:03:56 -0600 Subject: [PATCH] api.c: fix file open in cg_chmod_path() In cg_chmod_path(), the commit 96db65fbb529 ("api.c: fix TOCTOU in cg_chmod_path()), converted the file operations from stat -> fstat and chmod -> fchmod to fix a Coverity warning. The newly replaced file operations operate on file descriptors and hence introduced a side effect of opening the file at the wrong code block, that would only work as expected when the caller calls cg_chmod_path() with owner_is_umask set. Fix it by moving the file operation out of the conditional block, so it works in both of the cases of owner_is_umask being set or unset. Fixes: 96db65fbb529 ("api.c: fix TOCTOU in cg_chmod_path()) Suggested-by: Tom Hromatka Signed-off-by: Kamalesh Babulal Signed-off-by: Tom Hromatka (cherry picked from commit 91cf2e4b7ceb19c02d66af717c18d7bc64fa5df9) --- src/api.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/api.c b/src/api.c index 9589bad7..f7b6873a 100644 --- a/src/api.c +++ b/src/api.c @@ -207,12 +207,12 @@ int cg_chmod_path(const char *path, mode_t mode, int owner_is_umask) mode_t mask = -1U; int fd; + fd = open(path, O_RDONLY); + if (fd == -1) + goto fail; + if (owner_is_umask) { mode_t umask, gmask, omask; - - fd = open(path, O_RDONLY); - if (fd == -1) - goto fail; /* * Use owner permissions as an umask for group and others * permissions because we trust kernel to initialize owner -- 2.47.2