locale-setup: avoid TOCTOU in reading locale.conf

diff --git a/src/locale/localectl.c b/src/locale/localectl.c
index 966f07d08327a50112493bd1cd8b8655c5396e35..fb83881cc7189993299f52c78e3ee6510df7ede0 100644 (file)
--- a/src/locale/localectl.c
+++ b/src/locale/localectl.c
@@ -61,7 +61,7 @@ static int print_status_info(StatusInfo *i) {
         assert(i);
 
         if (arg_transport == BUS_TRANSPORT_LOCAL) {
-                _cleanup_(locale_context_clear) LocaleContext c = { .mtime = USEC_INFINITY };
+                _cleanup_(locale_context_clear) LocaleContext c = {};
 
                 r = locale_context_load(&c, LOCALE_LOAD_PROC_CMDLINE);
                 if (r < 0)

diff --git a/src/locale/localed.c b/src/locale/localed.c
index ebce509b3063cd35d27bf75ca5fa884c3aad673e..737cc6907959ca3cc12cf8420daaaf20c18adabe 100644 (file)
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -764,9 +764,7 @@ static int connect_bus(Context *c, sd_event *event, sd_bus **_bus) {
 }
 
 static int run(int argc, char *argv[]) {
-        _cleanup_(context_clear) Context context = {
-                .locale_context.mtime = USEC_INFINITY,
-        };
+        _cleanup_(context_clear) Context context = {};
         _cleanup_(sd_event_unrefp) sd_event *event = NULL;
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
         int r;

diff --git a/src/shared/locale-setup.c b/src/shared/locale-setup.c
index cd994cffb7da7fdfd0d5340f4fe275384b8e8c92..64af9d57b8fa882ebdc592ff85b38a2cbe02e0af 100644 (file)
--- a/src/shared/locale-setup.c
+++ b/src/shared/locale-setup.c
@@ -6,14 +6,17 @@
 #include "env-file-label.h"
 #include "env-file.h"
 #include "env-util.h"
+#include "errno-util.h"
+#include "fd-util.h"
 #include "locale-setup.h"
 #include "proc-cmdline.h"
+#include "stat-util.h"
 #include "strv.h"
 
 void locale_context_clear(LocaleContext *c) {
         assert(c);
 
-        c->mtime = USEC_INFINITY;
+        c->st = (struct stat) {};
 
         for (LocaleVariable i = 0; i < _VARIABLE_LC_MAX; i++)
                 c->locale[i] = mfree(c->locale[i]);
@@ -52,8 +55,8 @@ static int locale_context_load_proc(LocaleContext *c, LocaleLoadFlag flag) {
 }
 
 static int locale_context_load_conf(LocaleContext *c, LocaleLoadFlag flag) {
+        _cleanup_close_ int fd = -EBADFD;
         struct stat st;
-        usec_t t;
         int r;
 
         assert(c);
@@ -61,36 +64,37 @@ static int locale_context_load_conf(LocaleContext *c, LocaleLoadFlag flag) {
         if (!FLAGS_SET(flag, LOCALE_LOAD_LOCALE_CONF))
                 return 0;
 
-        r = stat("/etc/locale.conf", &st);
-        if (r < 0) {
-                if (errno == ENOENT)
-                        return 0;
+        fd = RET_NERRNO(open("/etc/locale.conf", O_CLOEXEC | O_PATH));
+        if (fd == -ENOENT)
+                return 0;
+        if (fd < 0)
+                return log_debug_errno(errno, "Failed to open /etc/locale.conf: %m");
+
+        if (fstat(fd, &st) < 0)
                 return log_debug_errno(errno, "Failed to stat /etc/locale.conf: %m");
-        }
 
-        /* If mtime is not changed, then we do not need to re-read the file. */
-        t = timespec_load(&st.st_mtim);
-        if (c->mtime != USEC_INFINITY && t == c->mtime)
+        /* If the file is not changed, then we do not need to re-read the file. */
+        if (stat_inode_unmodified(&c->st, &st))
                 return 0;
 
+        c->st = st;
         locale_context_clear(c);
-        c->mtime = t;
-
-        r = parse_env_file(NULL, "/etc/locale.conf",
-                           "LANG",              &c->locale[VARIABLE_LANG],
-                           "LANGUAGE",          &c->locale[VARIABLE_LANGUAGE],
-                           "LC_CTYPE",          &c->locale[VARIABLE_LC_CTYPE],
-                           "LC_NUMERIC",        &c->locale[VARIABLE_LC_NUMERIC],
-                           "LC_TIME",           &c->locale[VARIABLE_LC_TIME],
-                           "LC_COLLATE",        &c->locale[VARIABLE_LC_COLLATE],
-                           "LC_MONETARY",       &c->locale[VARIABLE_LC_MONETARY],
-                           "LC_MESSAGES",       &c->locale[VARIABLE_LC_MESSAGES],
-                           "LC_PAPER",          &c->locale[VARIABLE_LC_PAPER],
-                           "LC_NAME",           &c->locale[VARIABLE_LC_NAME],
-                           "LC_ADDRESS",        &c->locale[VARIABLE_LC_ADDRESS],
-                           "LC_TELEPHONE",      &c->locale[VARIABLE_LC_TELEPHONE],
-                           "LC_MEASUREMENT",    &c->locale[VARIABLE_LC_MEASUREMENT],
-                           "LC_IDENTIFICATION", &c->locale[VARIABLE_LC_IDENTIFICATION]);
+
+        r = parse_env_file_fd(fd, "/etc/locale.conf",
+                              "LANG",              &c->locale[VARIABLE_LANG],
+                              "LANGUAGE",          &c->locale[VARIABLE_LANGUAGE],
+                              "LC_CTYPE",          &c->locale[VARIABLE_LC_CTYPE],
+                              "LC_NUMERIC",        &c->locale[VARIABLE_LC_NUMERIC],
+                              "LC_TIME",           &c->locale[VARIABLE_LC_TIME],
+                              "LC_COLLATE",        &c->locale[VARIABLE_LC_COLLATE],
+                              "LC_MONETARY",       &c->locale[VARIABLE_LC_MONETARY],
+                              "LC_MESSAGES",       &c->locale[VARIABLE_LC_MESSAGES],
+                              "LC_PAPER",          &c->locale[VARIABLE_LC_PAPER],
+                              "LC_NAME",           &c->locale[VARIABLE_LC_NAME],
+                              "LC_ADDRESS",        &c->locale[VARIABLE_LC_ADDRESS],
+                              "LC_TELEPHONE",      &c->locale[VARIABLE_LC_TELEPHONE],
+                              "LC_MEASUREMENT",    &c->locale[VARIABLE_LC_MEASUREMENT],
+                              "LC_IDENTIFICATION", &c->locale[VARIABLE_LC_IDENTIFICATION]);
         if (r < 0)
                 return log_debug_errno(r, "Failed to read /etc/locale.conf: %m");
 
@@ -181,7 +185,6 @@ int locale_context_build_env(const LocaleContext *c, char ***ret_set, char ***re
 
 int locale_context_save(LocaleContext *c, char ***ret_set, char ***ret_unset) {
         _cleanup_strv_free_ char **set = NULL, **unset = NULL;
-        struct stat st;
         int r;
 
         assert(c);
@@ -196,7 +199,8 @@ int locale_context_save(LocaleContext *c, char ***ret_set, char ***ret_unset) {
                 if (unlink("/etc/locale.conf") < 0)
                         return errno == ENOENT ? 0 : -errno;
 
-                c->mtime = USEC_INFINITY;
+                c->st = (struct stat) {};
+
                 if (ret_set)
                         *ret_set = NULL;
                 if (ret_unset)
@@ -208,11 +212,9 @@ int locale_context_save(LocaleContext *c, char ***ret_set, char ***ret_unset) {
         if (r < 0)
                 return r;
 
-        if (stat("/etc/locale.conf", &st) < 0)
+        if (stat("/etc/locale.conf", &c->st) < 0)
                 return -errno;
 
-        c->mtime = timespec_load(&st.st_mtim);
-
         if (ret_set)
                 *ret_set = TAKE_PTR(set);
         if (ret_unset)
@@ -254,7 +256,7 @@ bool locale_context_equal(const LocaleContext *c, char *l[_VARIABLE_LC_MAX]) {
 }
 
 int locale_setup(char ***environment) {
-        _cleanup_(locale_context_clear) LocaleContext c = { .mtime = USEC_INFINITY };
+        _cleanup_(locale_context_clear) LocaleContext c = {};
         _cleanup_strv_free_ char **add = NULL;
         int r;
 

diff --git a/src/shared/locale-setup.h b/src/shared/locale-setup.h
index ec3fc8c364a944f2686d8668d3ed28aeb31fd731..537acc72df83c344acac7c5fb5af4e297cf49e05 100644 (file)
--- a/src/shared/locale-setup.h
+++ b/src/shared/locale-setup.h
@@ -1,11 +1,12 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
+#include <sys/stat.h>
+
 #include "locale-util.h"
-#include "time-util.h"
 
 typedef struct LocaleContext {
-        usec_t mtime;
+        struct stat st;
         char *locale[_VARIABLE_LC_MAX];
 } LocaleContext;