From: Karel Zak <kzak@redhat.com>
Date: Wed, 14 Jan 2026 11:12:35 +0000 (+0100)
Subject: lib/path: add NULL checks for path in statx and access
X-Git-Tag: v2.43-devel~137^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46f8541f94ab02ce940cc2a6a4eec37c2d026f2b;p=thirdparty%2Futil-linux.git

lib/path: add NULL checks for path in statx and access

Coverity warns that *at() libc functions (faccessat, statx) have pathname
marked as nonnull. Add explicit runtime NULL checks returning -EINVAL
instead of using __attribute__((nonnull)) into include/path.h to maintain
runtime safety for suid code.

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/lib/path.c b/lib/path.c
index 674f74fd2..6ce8a10d2 100644
--- a/lib/path.c
+++ b/lib/path.c
@@ -306,6 +306,8 @@ int ul_path_access(struct path_cxt *pc, int mode, const char *path)
 {
 	int rc;
 
+	if (!path)
+		return -EINVAL;
 	if (!pc) {
 		rc = access(path, mode);
 		DBG(CXT, ul_debug("access '%s' [no context, rc=%d]", path, rc));
@@ -313,7 +315,7 @@ int ul_path_access(struct path_cxt *pc, int mode, const char *path)
 		int dir = ul_path_get_dirfd(pc);
 		if (dir < 0)
 			return dir;
-		if (path && *path == '/')
+		if (*path == '/')
 			path++;
 
 		rc = faccessat(dir, path, mode, 0);
@@ -340,6 +342,9 @@ int ul_path_accessf(struct path_cxt *pc, int mode, const char *path, ...)
 	return !p ? -errno : ul_path_access(pc, mode, p);
 }
 
+/*
+ * If @path is NULL, then stat() is called for the directory itself addressed by @pc.
+ */
 int ul_path_stat(struct path_cxt *pc, struct stat *sb, int flags, const char *path)
 {
 	int rc;
@@ -389,18 +394,24 @@ int ul_path_statf(struct path_cxt *pc, struct stat *sb, int flags, const char *p
 	return rc;
 }
 #ifdef HAVE_STATX
+/*
+* This function follows the semantics of statx(). To call statx() for the directory
+* itself addressed by @pc, use an empty string and the AT_EMPTY_PATH @flag.
+*/
 int ul_path_statx(struct path_cxt *pc, struct statx *stx, int flags, unsigned int mask,
 		  const char *path)
 {
 	int rc;
 
+	if (!path)
+		return -EINVAL;
 	if (!pc)
 		rc = path ? statx(AT_FDCWD, path, flags, mask, stx) : - EINVAL;
 	else {
 		int dir = ul_path_get_dirfd(pc);
 		if (dir < 0)
 			return dir;
-		if (path && *path == '/')
+		if (*path == '/')
 			path++;
 
 		rc = statx(dir, path, flags, mask, stx);